Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Ubuntu 26.04 Authlib Important JWT Bypass and CSRF Vulnerities USN-8557-1

ubuntu
Calendar Grey July 16, 2026
Scroller Ubuntu Esm H88
Multiple security flaws in Authlib fixed, affecting several Ubuntu versions. Update recommended for safety against attacks.
Several security issues were fixed in Authlib.

Summary

Several security issues were fixed in Authlib.

Software Description:

- python-authlib: Python library for building OAuth and OpenID Connect servers

Details:

Jay Neiva and Mauro Carrillo discovered that Authlib did not properly

validate cryptographic keys embedded in JWT headers. An attacker could

possibly use this issue to forge trusted tokens, resulting in

authentication and authorization bypass. (CVE-2026-27962)

Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled

RSA1_5 encrypted tokens. An attacker could possibly use this issue to

recover sensitive encrypted information, resulting in information

disclosure. (CVE-2026-28490)

Jay Neiva and Mauro Carrillo discovered that Authlib did not properly

reject unsupported cryptographic algorithms when validating OpenID

Connect ID tokens. An attacker could possibly use this issue to bypass

token integrity checks, resulting in authentication bypass.

(CVE-2026-28498)

Johnny Deuss discovered that Authlib did not prov...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-authlib                 1.6.7-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 24.04 LTS
  python3-authlib                 1.3.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-authlib                 0.15.5-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8557-1

CVE-2026-27962, CVE-2026-28490, CVE-2026-28498, CVE-2026-41425

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8557-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.