CNNVD-202601-1416 Information

CNNVD ID

CNNVD-202601-1416

Related CVE

CVE-2025-68158

• CNNVD Published: 2026-01-08

Description (Chinese)

Authlib是Authlib开源的一个构建 OAuth 和 OpenID Connect 服务器的终极 Python 库。 Authlib 1.6.5及之前版本存在安全漏洞，该漏洞源于缓存支持的状态存储未绑定到发起用户会话，可能导致CSRF攻击。

Description (English)

Authlib is the ultimate Python library for building the OAuth and OpenID Connect servers. There is a security loophole in Authlib 1.6.5 and earlier versions, which stems from the fact that the cache-supported state storage has not been tied to the initiating user session, which could lead to an CSRF attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Authlib

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489 https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228 https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523