Open Redirect Vulnerability in Authlib Python Library
CVE-2026-41479

5.4 MEDIUM

Key Information:

Vendor: Authlib
Status: Vendor
CVE Published: 22 June 2026

What is CVE-2026-41479?

The Authlib library, used for building OAuth and OpenID Connect servers, contains a vulnerability that allows an open redirect when an unsupported response_type value is sent together with a malicious redirect_uri. The flaw is triggered before any client validation takes place, so an attacker can abuse the authorization endpoint without a valid client registration or prior authentication. A single unauthenticated request can redirect users to an arbitrary URL, which exposes them to phishing and related attacks. Versions 1.6.10 and 1.7.1 fix this vulnerability.
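The ordering problem described above, shown in generic form as an added example (this is not Authlib's code and does not reproduce its API): a minimal authorization endpoint that checks response_type before validating the client and redirect_uri will send an error redirect to whatever URI the request supplied, while the hardened ordering establishes the redirect target from the client registration first and answers every failed check with a direct 400 and no Location header. The client registry, URLs, parameter dictionaries and function names are all constructed for illustration.

```python
# Added example, not Authlib code: generic OAuth 2.0 authorization endpoint
# handlers contrasting the flawed ordering (response_type checked before the
# client is validated) with the hardened ordering. All names and values here
# are constructed assumptions for illustration.
from urllib.parse import urlencode, urlsplit

# Constructed client registry: client_id -> set of exactly registered redirect URIs.
REGISTERED_CLIENTS = {
    "client-123": {"https://app.example.com/callback"},
}
SUPPORTED_RESPONSE_TYPES = {"code"}


def _error_redirect(redirect_uri, error, state=None):
    """Build a 302 response carrying an OAuth error in the query (RFC 6749 section 4.1.2.1)."""
    params = {"error": error}
    if state:
        params["state"] = state
    sep = "&" if urlsplit(redirect_uri).query else "?"
    return {"status": 302, "location": f"{redirect_uri}{sep}{urlencode(params)}"}


def validate_client(params):
    """Return the redirect URI if client_id and redirect_uri match the registry
    (exact string comparison, no prefix or wildcard matching), else None."""
    allowed = REGISTERED_CLIENTS.get(params.get("client_id"), set())
    redirect_uri = params.get("redirect_uri")
    return redirect_uri if redirect_uri in allowed else None


def authorize_unsafe(params):
    """Flawed ordering: an unsupported response_type produces an error redirect
    to the request-supplied redirect_uri before the client is ever validated,
    so no client registration is needed to obtain a redirect to any URL."""
    response_type = params.get("response_type")
    redirect_uri = params.get("redirect_uri")
    if response_type not in SUPPORTED_RESPONSE_TYPES and redirect_uri:
        return _error_redirect(redirect_uri, "unsupported_response_type", params.get("state"))
    if validate_client(params) is None:
        return {"status": 400, "body": "invalid_client_or_redirect_uri"}
    return {"status": 200, "body": "consent page"}


def authorize_hardened(params):
    """Fixed ordering: the redirect target comes from the client registration.
    Any request failing that check gets a direct 400 with no Location header,
    so the server never redirects to an unregistered URI."""
    redirect_uri = validate_client(params)
    if redirect_uri is None:
        return {"status": 400, "body": "invalid_client_or_redirect_uri"}
    response_type = params.get("response_type")
    if response_type not in SUPPORTED_RESPONSE_TYPES:
        # Safe now: the target is the registered URI, not request input.
        return _error_redirect(redirect_uri, "unsupported_response_type", params.get("state"))
    return {"status": 200, "body": "consent page"}


if __name__ == "__main__":
    # Constructed request: unknown client, unregistered redirect target, bogus response_type.
    req = {"client_id": "nobody", "redirect_uri": "https://unregistered.example/", "response_type": "bogus"}
    print(authorize_unsafe(req))    # 302 with Location pointing at the unregistered URI
    print(authorize_hardened(req))  # 400, no Location header
```

The detection-relevant point is the hardened branch: once client and redirect_uri validation runs first, a request with an unsupported response_type from an unregistered client or URI never produces a 302 at all, so a spike of 400 responses on the authorization endpoint rather than 302s is the expected signal after patching.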

Affected Version(s)

authlib < 1.6.10

authlib = 1.7.0

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved