Cyber Posture

CVE-2026-28498

High · Public PoC

Published: 16 March 2026
Modified: 17 March 2026
KEV Added: not listed
Patch: fixed in Authlib 1.6.9
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0002 (6.5th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28498 is a high-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in the Authlib Python library (vendor Authlib). Its CVSS v3.1 base score is 7.5 (High); the vector is network-reachable, low complexity, no privileges or user interaction, with high integrity impact and no confidentiality or availability impact.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.5th percentile by exploit likelihood (below the median). It is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-6 (Security and Privacy Function Verification).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Forge Web Credentials (T1606). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates the vulnerability by requiring timely patching of Authlib to version 1.6.9 or later, which corrects the fail-open behavior in ID token hash verification.

Software and information integrity (prevent · detect)

Enforces software and information integrity checks for OIDC ID tokens, including the at_hash and c_hash claims, so that tokens carrying an unsupported alg are rejected rather than accepted unverified.

SI-6 Security and Privacy Function Verification (prevent · detect)

Verifies that Authlib's _verify_hash logic performs correctly, i.e. that ID tokens with an unrecognized alg header parameter are rejected.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1606 Forge Web Credentials (Credential Access): Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.
Why these techniques?

The vulnerability lets remote attackers craft and submit forged ID Tokens whose at_hash/c_hash validation is skipped (fail-open on an unknown alg) to applications that use Authlib to validate OIDC ID tokens, the relying-party side where those claims are checked. That directly supports T1190 (exploitation of a public-facing application for unauthorized access) and T1606 (forging web credentials or tokens to impersonate users).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.

Deeper analysis

CVE-2026-28498 is a library-level vulnerability in Authlib, a Python library used for building OAuth and OpenID Connect servers. Affecting versions prior to 1.6.9, the issue resides in the internal _verify_hash function, which validates the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims in OpenID Connect ID Tokens. Per OIDC Core, the hash used for these claims is selected by the ID token's alg header (for example RS256 selects SHA-256). When the alg header names an unsupported or unknown algorithm, the function has no expected hash to compare against and silently returns True, so validation passes without any integrity check having been performed. This violates the OIDC specification and basic cryptographic fail-closed design. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and is mapped to CWE-354 (Improper Validation of Integrity Check Value) and CWE-573 (Improper Following of Specification by Caller).

Remote, unauthenticated attackers can exploit this over the network with low complexity. By presenting an ID Token whose alg header is unrecognized, an attacker causes the at_hash and c_hash checks to pass without comparing anything, so the binding between the ID token and the access token or authorization code it is supposed to vouch for is lost. Tampered or substituted tokens and codes are then accepted, potentially leading to unauthorized access or further compromise within OAuth/OIDC flows that depend on Authlib's validation. Note that this CVE concerns the _verify_hash step, not the JWS signature check on the ID token; what it removes is the integrity binding that the at_hash and c_hash claims are meant to provide.

The vulnerability has been addressed in Authlib version 1.6.9, as detailed in the project's security advisory (GHSA-m344-f55w-2m6j), release notes, and the patching commit (b9bb2b25bf8b7e01512d847a95c1749646eaa72b). Security practitioners should upgrade to 1.6.9 or later and review deployments relying on Authlib for OIDC token handling.
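To make the failure mode concrete, the following is an added example written for this page; it is not Authlib's code and does not reproduce the patched or unpatched _verify_hash. It reconstructs the at_hash/c_hash computation from OpenID Connect Core 1.0 section 3.3.2.11 (hash the value with the function selected by the token's alg header, keep the left-most half, base64url-encode without padding) and places a fail-open check of the shape described in the NVD text and the deeper analysis beside a fail-closed one. The algorithm table, function names, the UnsupportedAlgError class and the sample token strings are this example's own assumptions.

```python
"""Added example (not Authlib's code): reconstructs the at_hash / c_hash
check from OpenID Connect Core 1.0 section 3.3.2.11 and shows a fail-open
variant beside a fail-closed one.  All names below are this example's own."""
import base64
import hashlib
import hmac

# OIDC Core 3.3.2.11: the hash is the one named by the ID token's JOSE "alg"
# header (RS256 -> SHA-256, RS384 -> SHA-384, and so on).  Any alg missing
# from this table is "unsupported" as far as at_hash / c_hash are concerned.
_HASH_FOR_ALG = {
    "HS256": hashlib.sha256, "RS256": hashlib.sha256,
    "ES256": hashlib.sha256, "PS256": hashlib.sha256,
    "HS384": hashlib.sha384, "RS384": hashlib.sha384,
    "ES384": hashlib.sha384, "PS384": hashlib.sha384,
    "HS512": hashlib.sha512, "RS512": hashlib.sha512,
    "ES512": hashlib.sha512, "PS512": hashlib.sha512,
}


class UnsupportedAlgError(ValueError):
    """Raised by the fail-closed check when alg has no known hash (example's own type)."""


def _b64url_nopad(raw: bytes) -> str:
    """base64url without '=' padding, as JOSE and OIDC use it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def compute_half_hash(value: str, alg: str):
    """Expected at_hash / c_hash: base64url of the left-most half of hash(value).

    Returns None when alg is not in the table; the caller decides what that means,
    which is exactly the decision the advisory says went wrong.
    """
    hash_fn = _HASH_FOR_ALG.get(alg)
    if hash_fn is None:
        return None
    digest = hash_fn(value.encode("ascii")).digest()
    return _b64url_nopad(digest[: len(digest) // 2])


def verify_hash_fail_open(claimed: str, value: str, alg: str) -> bool:
    """Shape of the flaw described for CVE-2026-28498: an unknown alg yields no
    expected hash, and the function reports success without comparing anything."""
    expected = compute_half_hash(value, alg)
    if expected is None:
        return True  # nothing was checked, yet the caller sees "valid"
    return hmac.compare_digest(expected.encode("ascii"), claimed.encode("ascii"))


def verify_hash_fail_closed(claimed: str, value: str, alg: str) -> bool:
    """Hardened form: an alg with no hash mapping is a hard failure, never a pass."""
    expected = compute_half_hash(value, alg)
    if expected is None:
        raise UnsupportedAlgError(f"no hash defined for alg {alg!r}")
    return hmac.compare_digest(expected.encode("ascii"), claimed.encode("ascii"))


def demo() -> dict:
    """Constructed sample: an honest access token and a substituted one, checked
    under a known alg and under an alg the table does not know."""
    honest_token = "constructed-access-token-abc123"      # constructed, not real
    swapped_token = "attacker-substituted-token-xyz"      # constructed, not real
    at_hash = compute_half_hash(honest_token, "RS256")     # what an IdP would mint
    results = {
        "honest_rs256": verify_hash_fail_closed(at_hash, honest_token, "RS256"),
        "swapped_rs256": verify_hash_fail_closed(at_hash, swapped_token, "RS256"),
        # Same at_hash, same swapped token, but the header now claims an unknown alg:
        "swapped_unknown_alg_fail_open": verify_hash_fail_open(at_hash, swapped_token, "XX999"),
    }
    try:
        verify_hash_fail_closed(at_hash, swapped_token, "XX999")
        results["swapped_unknown_alg_fail_closed"] = "accepted"
    except UnsupportedAlgError:
        results["swapped_unknown_alg_fail_closed"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the side-by-side is the third result: with the alg header changed to a value the hash table does not know, the fail-open check accepts a substituted access token against an at_hash that was minted for a different one, while the fail-closed check refuses to proceed. A relying party that wants defence in depth can also pin the set of alg values it will accept before any claim validation runs, so that an unexpected alg never reaches the hash step at all.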

Details

CWE(s)

CWE-354 Improper Validation of Integrity Check Value
CWE-573 Improper Following of Specification by Caller

Affected Products

authlib (Authlib) < 1.6.9 (fixed in 1.6.9)

CVEs Like This One

CVE-2026-27962 (same product: Authlib)
CVE-2026-28802 (same product: Authlib)
CVE-2025-68158 (same product: Authlib)
CVE-2026-32600 (shared CWE-354)
CVE-2026-32313 (shared CWE-354)
CVE-2026-33026 (shared CWE-354)
CVE-2026-5479 (shared CWE-354)
CVE-2026-31839 (shared CWE-354)
CVE-2026-28402 (shared CWE-354)
CVE-2026-32105 (shared CWE-354)

References