MEDIUM
authlib
CVE published 2026-05-27
CVE-2026-44681
## Summary

Authlib versions prior to 1.6.12 and 1.7.1 contain an unauthenticated open redirect vulnerability in the OpenID Implicit Grant and OpenID Hybrid Grant authorization endpoints. A remote attacker can cause the authorization server to issue an HTTP 302 redirect to an attacker-controlled URL by submitting an authorization request that omits the `openid` scope. This vulnerability was published on 20 [truncated]
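The defensive property the advisory implies is that an authorization endpoint must finish validating the request (client, registered redirect URI, and, for the OpenID Implicit and Hybrid flows, the `openid` scope) before it commits to any redirect, and must show request errors on a local page rather than redirecting to whatever `redirect_uri` was supplied (RFC 6749 §4.1.2.1). The following is an added example written for this page, not Authlib's own code or its fix; the client registry, the `handle_authorize` and `validate_authorization_request` functions and the sample requests are constructed for illustration.

```python
from urllib.parse import urlencode

# Constructed client registry; a real server loads this from its database.
REGISTERED_CLIENTS = {
    "client-123": {"redirect_uris": {"https://app.example.com/callback"}},
}

# response_type token sets that belong to the OpenID Implicit and Hybrid flows.
# Plain "code" (authorization code) and plain "token" (OAuth 2.0 implicit)
# are deliberately absent: only the OpenID variants require the openid scope.
IMPLICIT_AND_HYBRID = {
    frozenset({"id_token"}),
    frozenset({"id_token", "token"}),
    frozenset({"code", "id_token"}),
    frozenset({"code", "token"}),
    frozenset({"code", "id_token", "token"}),
}


class NoRedirectError(Exception):
    """A request error that must be rendered locally, never via redirect."""


def validate_authorization_request(params):
    """Validate an authorization request before any redirect decision.

    Order matters: the client and its registered redirect_uri are checked
    first, so nothing later in the function can ever send the browser to an
    unregistered location, even for a malformed scope or response_type.
    """
    client_id = params.get("client_id")
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        raise NoRedirectError("unknown client_id")

    redirect_uri = params.get("redirect_uri")
    # Exact string match against the registration; no prefix or host matching.
    if redirect_uri not in client["redirect_uris"]:
        raise NoRedirectError("redirect_uri is not registered for this client")

    response_type = frozenset(params.get("response_type", "").split())
    scope = set(params.get("scope", "").split())
    if response_type in IMPLICIT_AND_HYBRID and "openid" not in scope:
        raise NoRedirectError("openid scope is required for this response_type")

    return {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": response_type,
        "scope": scope,
    }


def handle_authorize(params):
    """Return ("redirect", location) or ("error_page", message).

    Only a fully validated request reaches the redirect branch.
    """
    try:
        req = validate_authorization_request(params)
    except NoRedirectError as exc:
        return ("error_page", str(exc))
    # Token issuance would happen here; a constructed placeholder stands in.
    fragment = urlencode({"id_token": "<constructed-id-token>",
                          "state": params.get("state", "")})
    return ("redirect", f"{req['redirect_uri']}#{fragment}")


if __name__ == "__main__":
    # Constructed sample requests: a well-formed one, one missing the openid
    # scope, and one naming an unregistered redirect_uri.
    good = {"client_id": "client-123", "redirect_uri": "https://app.example.com/callback",
            "response_type": "id_token", "scope": "openid profile", "state": "xyz"}
    no_openid = dict(good, scope="profile")
    bad_uri = dict(good, redirect_uri="https://unregistered.example/")
    for req in (good, no_openid, bad_uri):
        print(handle_authorize(req))
```

The point to carry into a review of any authorization endpoint: every error path that fires after the redirect URI has been validated may redirect with an `error` parameter, but every error path that fires before or during that validation must not redirect at all.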