CVE-2026-44681
EUVD-2026-3263727.05.2026, 20:16
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| authlib | authlib | 𝑥 < 1.6.12 |
| authlib | authlib | 1.7.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration