{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T20:33:35.600","vulnerabilities":[{"cve":{"id":"CVE-2026-27962","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T18:16:07.383","lastModified":"2026-03-17T20:46:48.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9."},{"lang":"es","value":"Authlib es una biblioteca de Python que construye servidores OAuth y OpenID Connect. Antes de la versión 1.6.9, una vulnerabilidad de inyección de encabezado JWK en la implementación JWS de authlib permite a un atacante no autenticado falsificar tokens JWT arbitrarios que pasan la verificación de firma. Cuando se pasa key=None a cualquier función de deserialización JWS, la biblioteca extrae y utiliza la clave criptográfica incrustada en el campo de encabezado jwk del JWT controlado por el atacante. Un atacante puede firmar un token con su propia clave privada, incrustar la clave pública correspondiente en el encabezado y hacer que el servidor acepte el token falsificado como criptográficamente válido — eludiendo la autenticación y la autorización por completo. Este problema ha sido parcheado en la versión 1.6.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.9","matchCriteriaId":"8C677FEC-2094-49D8-ABAB-F740B6F83D38"}]}]}],"references":[{"url":"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/authlib/authlib/releases/tag/v1.6.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}