CVE-2026-27962Improper Verification of Cryptographic Signature in Authlib

CWE-347Improper Verification of Cryptographic Signature7 documents6 sources
Severity
9.1CRITICALNVD
EPSS
0.1%
top 80.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AuthlibDebian Python-authlib
Timeline
PublishedMar 16

Description

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

debiandebian/python-authlib< python-authlib 1.6.9-1 (forky)
NVDauthlib/authlib< 1.6.9
PyPIauthlib/authlib< 1.6.9

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
Authlib JWS JWK Header Injection: Signature Verification Bypass2026-03-16
GHSA
Authlib JWS JWK Header Injection: Signature Verification Bypass2026-03-16
OSV
CVE-2026-27962: Authlib is a Python library which builds OAuth and OpenID Connect servers2026-03-16

📋Vendor Advisories

2
Red Hat
authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability2026-03-16
Debian
CVE-2026-27962: python-authlib - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-27962 Impact, Exploitability, and Mitigation Steps | Wiz