Medium severity (NVD score 5.4) · NVD Advisory · Published Apr 24, 2026 · Updated Apr 28, 2026
CVE-2026-41425
Description
Authlib is a Python library for building OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| authlib (PyPI) | < 1.6.11 | 1.6.11 |
Affected products
11 OSV package coordinates (none has a CPE):

| Package coordinate | Affected range |
|---|---|
| pkg:apk/chainguard/airflow-2 | < 2.11.2-r8 |
| pkg:apk/chainguard/airflow-3 | < 3.2.1-r0 |
| pkg:apk/chainguard/datahub-ingestion | < 1.5.0.3-r0 |
| pkg:apk/chainguard/datahub-ingestion-fips | < 1.5.0.1-r2 |
| pkg:apk/chainguard/mlflow | < 3.11.1-r0 |
| pkg:apk/chainguard/open-webui | < 0.9.2-r0 |
| pkg:apk/chainguard/pgadmin4-fips | < 9.14-r1 |
| pkg:apk/wolfi/airflow-3 | < 3.2.1-r0 |
| pkg:apk/wolfi/mlflow | < 3.11.1-r0 |
| pkg:apk/wolfi/open-webui | < 0.9.2-r0 |
| pkg:pypi/authlib | < 1.6.11 |
References
- github.com/authlib/authlib/security/advisories/GHSA-jj8c-mmj3-mmgv (source: NVD; tags: Exploit, Vendor Advisory, Web)
- github.com/advisories/GHSA-jj8c-mmj3-mmgv (source: GHSA; tag: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-41425 (source: GHSA; tag: Advisory)
- github.com/pypa/advisory-database/tree/main/vulns/authlib/PYSEC-2026-25.yaml (source: GHSA; tag: Web)