VYPR
Medium severity (score 6.1) · GHSA Advisory · Published May 27, 2026 · Updated Jun 2, 2026

CVE-2026-44681

Description

Authlib is a Python library for building OAuth and OpenID Connect servers. Before versions 1.6.12 and 1.7.1, an unauthenticated open redirect in the authorization endpoint of Authlib's OpenIDImplicitGrant and OpenIDHybridGrant lets a remote attacker make the authorization server issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. The vulnerability is fixed in 1.6.12 and 1.7.1.
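The following is an added illustration of the bug class the description names, not Authlib's own code: an authorization endpoint that delivers the "missing openid scope" error by redirecting before it has checked that redirect_uri belongs to the client, beside the hardened ordering that validates the redirect target first. The endpoint is modelled as a pure function over the query string, the client registry (REGISTERED_REDIRECTS, "demo-client", "https://app.example/callback") and the probe request are constructed for the example, and is_affected() encodes the advisory's affected ranges for plain X.Y.Z version strings.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Response types that only OpenID Connect defines and that therefore require
# the "openid" scope (OIDC Core sections 3.2.2.1 and 3.3.2.1). Token order in
# response_type is not significant, so values are normalised by sorting.
OIDC_RESPONSE_TYPES = {
    "id_token", "id_token token", "code id_token", "code token",
    "code id_token token",
}

# Constructed client registry (hypothetical): client_id -> registered redirect URIs.
REGISTERED_REDIRECTS = {
    "demo-client": {"https://app.example/callback"},
}


@dataclass
class Response:
    status: int
    location: Optional[str] = None
    body: str = ""


def _parse(query: str) -> dict:
    """Decode the authorization request query string into a flat dict."""
    q = {k: v[0] for k, v in parse_qs(query).items()}
    q["response_type"] = " ".join(sorted(q.get("response_type", "").split()))
    q["scopes"] = set(q.get("scope", "").split())
    return q


def _error_redirect(redirect_uri: str, error: str, state: Optional[str]) -> Response:
    """Build the 302 that carries an OAuth error back to redirect_uri."""
    params = {"error": error}
    if state:
        params["state"] = state
    sep = "&" if urlparse(redirect_uri).query else "?"
    return Response(302, location=f"{redirect_uri}{sep}{urlencode(params)}")


def _redirect_uri_is_registered(q: dict) -> bool:
    registered = REGISTERED_REDIRECTS.get(q.get("client_id", ""), set())
    return q.get("redirect_uri") in registered


def authorize_vulnerable(query: str) -> Response:
    """Ordering that yields an open redirect: the OIDC scope check fails first
    and its error is delivered to redirect_uri before redirect_uri has been
    compared with the client's registration."""
    q = _parse(query)
    if q["response_type"] in OIDC_RESPONSE_TYPES and "openid" not in q["scopes"]:
        return _error_redirect(q.get("redirect_uri", ""), "invalid_scope", q.get("state"))
    if not _redirect_uri_is_registered(q):
        return Response(400, body="invalid_request: unknown client or redirect_uri")
    return Response(200, body="consent page")


def authorize_hardened(query: str) -> Response:
    """Safe ordering (RFC 6749 section 4.1.2.1): establish that redirect_uri is
    registered for the client before any error is delivered by redirection;
    if it is not, report the error to the user agent directly and never redirect."""
    q = _parse(query)
    if not _redirect_uri_is_registered(q):
        return Response(400, body="invalid_request: unknown client or redirect_uri")
    if q["response_type"] in OIDC_RESPONSE_TYPES and "openid" not in q["scopes"]:
        return _error_redirect(q["redirect_uri"], "invalid_scope", q.get("state"))
    return Response(200, body="consent page")


def is_affected(version: str) -> bool:
    """Affected ranges from the advisory: < 1.6.12, or >= 1.7.0 and < 1.7.1.
    Assumes a plain X.Y.Z release string (no pre-release suffix)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts < (1, 6, 12) or (1, 7, 0) <= parts < (1, 7, 1)


if __name__ == "__main__":
    # Constructed probe: OIDC response_type, no openid scope, unregistered redirect_uri.
    probe = ("response_type=id_token&client_id=demo-client"
             "&redirect_uri=https://attacker.example/&scope=profile&state=xyz")
    print(authorize_vulnerable(probe))  # 302 to https://attacker.example/?error=invalid_scope&state=xyz
    print(authorize_hardened(probe))    # 400, no Location header
    print(is_affected("1.6.11"), is_affected("1.7.1"))  # True False
```

The only difference between the two handlers is the order of the two checks; a legitimate request with a registered redirect_uri but no openid scope still receives the invalid_scope error by redirect in the hardened version, because that target is trusted. When auditing other authorization servers for the same class, look for any early return that redirects on a request-validation failure and confirm that client and redirect_uri validation precede it.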

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions    Patched versions
authlib (PyPI)   >= 1.7.0, < 1.7.1    1.7.1
authlib (PyPI)   < 1.6.12             1.6.12
