debian · CVE-2026-28802

Quick triage

Priority: unimportant Published: Updated: Tue, 30 Jun 2026 01:59:28 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-28802 unimportant priority: Debian including 1 source packages (python-authlib), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.

Description:

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.

cvelogic Threat Intelligence