Cyber Resilience

CVE-2026-28498

Severity: High · Public PoC · Updated
Published: 16 March 2026
Modified: 30 June 2026
KEV added: not listed
Patch: fixed in Authlib 1.6.9
CVSS v4 score: 8.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0020 (10.1st percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-28498 is a high-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in the Authlib Python library (vendor Authlib, product Authlib). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 10.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-6 (Security and Privacy Function Verification).

Deeper analysis

CVE-2026-28498 is a library-level vulnerability in Authlib, a Python library used for building OAuth and OpenID Connect servers. Affecting versions prior to 1.6.9, the issue resides in the internal _verify_hash function, which validates the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims in OpenID Connect ID Tokens. When the alg header names an unsupported or unknown cryptographic algorithm, the function fails open: it silently returns True, so validation passes even though no integrity check was performed. This violates the OIDC specification and basic cryptographic design principles. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and mapped to CWE-354 (Improper Validation of Integrity Check Value) and CWE-573 (Improper Following of Specification by Caller).

Remote attackers without privileges can exploit this vulnerability over the network with low complexity. By crafting a forged ID Token containing an unrecognized alg header parameter, an attacker bypasses the mandatory hash verification for access tokens or authorization codes. This enables the acceptance of tampered tokens, potentially leading to unauthorized access or further compromise within OAuth/OIDC flows dependent on Authlib's validation.

The vulnerability has been addressed in Authlib version 1.6.9, as detailed in the project's security advisory (GHSA-m344-f55w-2m6j), release notes, and the patching commit (b9bb2b25bf8b7e01512d847a95c1749646eaa72b). Security practitioners should upgrade to 1.6.9 or later and review deployments relying on Authlib for OIDC token handling.

Vulnerability details

Authlib is a Python library for building OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in Authlib concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits fail-open behavior when it encounters an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter: the library intercepts the unsupported state and silently returns True (validation passed), violating fundamental cryptographic design principles and the OIDC specification. This issue has been patched in version 1.6.9.
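The fail-open check described in the deeper analysis and in the vulnerability details above, written out beside its fail-closed counterpart as an added example for this page (illustrative code, not Authlib's own _verify_hash or its patch): it derives the expected at_hash/c_hash value from the hash function named by the ID Token's alg (left half of the digest, base64url without padding, per OpenID Connect Core) and shows why an alg the verifier cannot map must be a rejection rather than a pass. The alg table, the forged header and claims, and the access token value are constructed; only the hash-claim check is modelled, not signature verification.

```python
import base64
import hashlib
import hmac

# Hash function implied by the ID Token's JWS "alg", per OpenID Connect Core 1.0
# (at_hash, section 3.1.3.6; c_hash, section 3.3.2.11). Anything else is unknown.
HASH_BY_ALG = {
    "HS256": "sha256", "RS256": "sha256", "ES256": "sha256", "PS256": "sha256",
    "HS384": "sha384", "RS384": "sha384", "ES384": "sha384", "PS384": "sha384",
    "HS512": "sha512", "RS512": "sha512", "ES512": "sha512", "PS512": "sha512",
}

def compute_hash_claim(alg, value):
    """Expected at_hash/c_hash: left-most half of hash(value), base64url, no '='.
    Returns None when alg maps to no known hash function."""
    name = HASH_BY_ALG.get(alg)
    if name is None:
        return None
    digest = hashlib.new(name, value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")

def verify_hash_fail_open(alg, claim, value):
    """Fail-open shape the advisory describes (illustrative, not Authlib's code)."""
    expected = compute_hash_claim(alg, value)
    if expected is None:
        return True  # BUG: unknown alg is treated as "nothing to check"
    return hmac.compare_digest(expected, claim)

def verify_hash_fail_closed(alg, claim, value):
    """Fail-closed form: an alg we cannot hash for is a hard rejection."""
    expected = compute_hash_claim(alg, value)
    if expected is None:
        raise ValueError(f"unsupported alg {alg!r}: cannot verify hash claim")
    return hmac.compare_digest(expected, claim)

# Constructed sample: an ID Token header naming an algorithm the verifier does
# not know, with a bogus at_hash for an access token it never hashed.
FORGED_HEADER = {"alg": "XYZ256"}
FORGED_CLAIMS = {"sub": "alice", "at_hash": "AAAAAAAAAAAAAAAAAAAAAA"}
ACCESS_TOKEN = "constructed-access-token-value"

def check_forged_token(verify):
    """Run the at_hash check with `verify`; returns the verdict or the exception."""
    try:
        return verify(FORGED_HEADER["alg"], FORGED_CLAIMS["at_hash"], ACCESS_TOKEN)
    except ValueError as exc:
        return exc
```

With the constructed token, `check_forged_token(verify_hash_fail_open)` returns True while `check_forged_token(verify_hash_fail_closed)` returns the ValueError; a token whose alg is known is accepted only when the claim matches the recomputed digest.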

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1606 Forge Web Credentials (Credential Access): Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.
Why these techniques?

The vulnerability enables remote attackers to craft and submit forged ID Tokens (bypassing at_hash/c_hash validation via fail-open on unknown alg) against OIDC servers, directly facilitating T1190 (exploitation of public-facing apps for unauthorized access) and T1606 (forging web credentials/tokens to impersonate users).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-27962 (same product: Authlib Authlib)
- CVE-2026-28802 (same product: Authlib Authlib)
- CVE-2025-68158 (same product: Authlib Authlib)
- CVE-2026-41583 (shared CWE-573)
- CVE-2026-32600 (shared CWE-354)
- CVE-2026-32313 (shared CWE-354)
- CVE-2026-33026 (shared CWE-354)
- CVE-2026-28402 (shared CWE-354)
- CVE-2026-31839 (shared CWE-354)
- CVE-2023-48795 (shared CWE-354)

Affected Assets

authlib (authlib): ≤ 1.6.9

Mitigating Controls (NIST 800-53 r5)

- SI-2 Flaw Remediation [prevent]: Directly mitigates the vulnerability by requiring timely patching of Authlib to version 1.6.9 or later, correcting the fail-open behavior in ID token hash verification.
- [prevent, detect]: Enforces proper software and information integrity checks for OIDC ID tokens, including the at_hash and c_hash claims, to prevent acceptance of forged tokens with unsupported algorithms.
- SI-6 Security and Privacy Function Verification [prevent, detect]: Verifies that the security functions in Authlib's _verify_hash logic perform correctly, ensuring rejection of ID tokens with unrecognized alg parameters.
