CVE-2026-28490 in Authlibinfo

Zusammenfassung

von MITRE • 16.03.2026

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

27.02.2026

Veröffentlichung

16.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351304

CPE

bereit

CWE

CWE-203 (bestätigt)

CVSS

6.5 (NVD)

EPSS

0.00016

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28490
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28490
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28490/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!