CVE-2026-28490

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.9

Description Authlib, a Python library for building OAuth and OpenID Connect servers, contains a cryptographic padding oracle vulnerability in the implementation of the JSON Web Encryption (JWE) RSA1 5 key management algorithm. The library registers RSA1 5 in its default algorithm registry without requiring explicit opt-in and disables the constant-time Bleichenbacher mitigation implemented by the underlying cryptography library. This allows an attacker to exploit a weakness in the padding process to potentially decrypt encrypted keys. The vulnerability arises because Authlib raises a specific exception ('ValueError: Invalid "cek" length') when the padding is invalid, creating a distinguishable path from a valid padding scenario. This exception oracle, combined with the default configurations of common Python web frameworks (Flask, Django, and FastAPI), enables exploitation without additional server misconfiguration. The issue is present in versions prior to 1.6.9.

Recommendations Update Authlib to version 1.6.9 or later.