Signal

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle. Severity: high. Identifiers: CVE-2026-28490, GHSA-7432-952r-cw78.

github
open_cryptographic_verification
Evidence preview
  • Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
    github_advisories
  • Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
    github_advisories
  • Authlib JWS JWK Header Injection: Signature Verification Bypass
    github_advisories