CVE-2026-27962

CRITICAL 9.1 · EPSS percentile 32.5%

Description

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.
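The failure mode described above, as an added example that is not authlib's code: a small stand-in compact-JWS verifier with the pre-1.6.9 key selection beside a hardened one. It assumes HS256 with a symmetric "oct" JWK so it runs on the standard library alone; the advisory concerns public keys in the jwk header, but the mistake (letting the token choose its own verification key when key=None is passed) is the same.

```python
# Added example, not authlib's code: an HS256 compact-JWS verifier showing the
# CVE-2026-27962 key-selection mistake next to a hardened verifier.
import base64, hashlib, hmac, json

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build header.payload.signature (an 'oct' JWK keeps this dependency-free)."""
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"

def _check_hs256(h: str, p: str, s: str, key: bytes) -> None:
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")

def verify_vulnerable(token: str, key: "bytes | None") -> dict:
    """Pre-1.6.9 pattern: key=None means 'use the jwk carried in the header'."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if key is None:
        key = b64url_decode(header["jwk"]["k"])  # attacker-controlled key material
    _check_hs256(h, p, s, key)
    return json.loads(b64url_decode(p))

def verify_hardened(token: str, key: bytes) -> dict:
    """Key is configured out of band; a missing key or in-token key is refused."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if not key or header.get("alg") != "HS256" or "jwk" in header:
        raise ValueError("no configured key, unexpected alg, or self-supplied key")
    _check_hs256(h, p, s, key)
    return json.loads(b64url_decode(p))

# Constructed scenario: the attacker signs with their own key and embeds it as jwk.
SERVER_KEY = b"server-secret-constructed"
ATTACKER_KEY = b"attacker-secret-constructed"
FORGED = sign_hs256({"alg": "HS256", "jwk": {"kty": "oct", "k": b64url_encode(ATTACKER_KEY)}},
                    {"sub": "admin"}, ATTACKER_KEY)

def forged_token_accepted(verifier, key) -> bool:
    """True if the verifier returns the forged claims instead of raising."""
    try:
        return verifier(FORGED, key).get("sub") == "admin"
    except (ValueError, KeyError):
        return False
```

Passing the server's real key to the vulnerable verifier also rejects the forgery, which is why the fix is to never call deserialization with key=None and to pin the expected key (or key set) in configuration rather than trusting header material.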

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.41% probability of exploitation · percentile 32.5% · 2026-06-19T12:03:05Z
Published: 2026-03-16
Last modified: 2026-03-17

Underlying weaknesses (1)

CWE-347

References

  1. https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681
  2. https://github.com/authlib/authlib/releases/tag/v1.6.9
  3. https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5


Type      Target                                                      Confidence  Tier
Weakness  Improper Verification of Cryptographic Signature (cwe-347)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2026-28802
CVE · CVE-2026-48526
CVE · CVE-2026-48523
CVE · CVE-2026-44681
CVE · CVE-2026-48522
CVE · CVE-2025-68158

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.