CVE-2026-28490 in AuthlibИнформация

Сводка

по MITRE • 16.03.2026

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

27.02.2026

Раскрытие

16.03.2026

Модерация

принято

Вход

VDB-351304

CPE

готов

CWE

CWE-203 (Подтверждённый)

CVSS

6.5 (NVD)

EPSS

0.00016

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28490
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28490
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28490/

◂ Предыдущий Обзор Далее ▸

Do you know our Splunk app?

Download it now for free!