Description
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.
Published: 2026-03-16
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach
Action: Immediate Patch
AI Analysis

Impact

Authlib is a Python library that implements OAuth and OpenID Connect servers. A cryptographic padding oracle vulnerability was found in the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. The library registers RSA1_5 by default without explicit opt‑in and removes the constant‑time Bleichenbacher mitigation that the underlying cryptography library otherwise provides. As a result, an attacker who can influence the processing of a JWE token can, by exploiting the padding oracle, recover plaintext data or keys, leading to a confidentiality breach and potential further compromise of the system.

Affected Systems

The vulnerability affects the Authlib Python library (authlib:authlib). All versions before 1.6.9 are impacted. The security advisory lists v1.6.9 and later as the fixed release.

Risk and Exploitability

The CVSS score is 8.3, indicating a high severity. The EPSS score is less than 1 %, suggesting a low probability of exploitation at the present time. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is likely remote: an adversary can craft a JWE token processed by the vulnerable library and repeatedly submit modified ciphertexts to observe padding error responses. Observation of the success of padding operations would allow reconstruction of the underlying plaintext or key material. This exploitation requires the attacker to have the ability to submit JWE requests to an application that uses Authlib.

Generated by OpenCVE AI on March 17, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Authlib to v1.6.9 or later.
  • Disable or remove the RSA1_5 algorithm from the application's JWE key management registry if it is not required.
  • Verify that your application does not use the RSA1_5 algorithm by reviewing the key management configuration.
  • Test your JWE handling after the upgrade to ensure padding oracle mitigation is active.

Generated by OpenCVE AI on March 17, 2026 at 22:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7432-952r-cw78 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
History

Tue, 17 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Authlib
Authlib authlib
Vendors & Products Authlib
Authlib authlib

Tue, 17 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-325
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.
Title Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Weaknesses CWE-203
CWE-327
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Authlib Authlib
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T18:17:35.003Z

Reserved: 2026-02-27T20:57:47.707Z

Link: CVE-2026-28490

cve-icon Vulnrichment

Updated: 2026-03-16T18:17:25.466Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T18:16:07.557

Modified: 2026-03-17T20:45:45.573

Link: CVE-2026-28490

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-16T17:37:57Z

Links: CVE-2026-28490 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:50:05Z

Weaknesses