Authlib JWS JWK Header Injection Unauth JWT Forgery, fixed 1.6.9
CVE-2026-27962 Published on March 16, 2026
Authlib JWS JWK Header Injection: Signature Verification Bypass
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.
Vulnerability Analysis
CVE-2026-27962 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2026-27962
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
Affected Versions
authlib:- Version < 1.6.9 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2026-27962
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| pip | authlib | <= 1.6.8 | 1.6.9 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.