CVE-2026-28802
JWT None Algorithm Signature Bypass in Authlib OAuth Server
Publication date: 2026-03-06
Last updated on: 2026-03-09
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| authlib | authlib | From 1.6.5 (inc) to 1.6.7 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28802 is a vulnerability in the Python library Authlib, which is used to build OAuth and OpenID Connect servers. The issue occurs in versions 1.6.5 and 1.6.6, where the library incorrectly accepts JSON Web Tokens (JWTs) that use the "none" algorithm with an empty signature as valid. This means that tokens without any cryptographic signature pass signature verification, allowing attackers to forge tokens.

The vulnerability originated from a change that allowed the "none" algorithm to be accepted if the signature was empty, which was not the expected behavior. Normally, unsigned tokens should be rejected, but in these versions they were accepted without any change to the application code.

This flaw was fixed in version 1.6.7 by removing the "none" algorithm from the default JWT processing and isolating its use to controlled scenarios only. [1, 3]
How can this vulnerability impact me?
This vulnerability can have serious security impacts, including authentication bypass and privilege escalation. Because the library accepts unsigned JWTs with the "none" algorithm, an attacker can forge tokens that appear valid without possessing any secret or private key.

As a result, attackers can gain unauthorized access to protected resources, impersonate users, or escalate their privileges (for example, gaining admin rights) within applications that rely on Authlib for authentication or authorization.

This can lead to unauthorized data access, modification of application data, and compromise of the overall security of the system. [3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves accepting JWTs whose header field "alg" is set to "none" and whose signature part is empty, which bypasses signature verification. To detect this on your system or network, monitor the JWTs processed by your Authlib-based applications and check for tokens where the "alg" header is "none" and the signature part is empty.

A practical approach is to capture JWTs and decode their headers to identify any tokens using the "none" algorithm. For example, base64url-decode the header part of the token and inspect the "alg" field.

Suggested commands (assuming you have a JWT in a variable or file):

- Extract the JWT header (the first part, before the first dot) and decode it with base64url decoding.
- Example using command line tools (bash):

```bash
TOKEN="<your_jwt_token_here>"
# The header is the first dot-separated segment of the compact serialization
HEADER=$(printf '%s' "$TOKEN" | cut -d '.' -f1)
# base64url omits '=' padding: pad to a multiple of 4 before decoding
while [ $(( ${#HEADER} % 4 )) -ne 0 ]; do HEADER="${HEADER}="; done
# Map the base64url alphabet (- and _) back to standard base64 (+ and /)
HEADER_DECODED=$(printf '%s' "$HEADER" | tr '_-' '/+' | base64 -d)
echo "$HEADER_DECODED"
```

- Check whether the decoded header contains "alg":"none".

If you find tokens with "alg":"none" and an empty signature (the part after the second dot is empty), this indicates the vulnerability might be exploited or present. [3]
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been patched in Authlib version 1.6.7 by removing the "none" algorithm from the default JWT instance, preventing unsigned JWTs from bypassing signature verification.

Immediate mitigation steps include:

- Upgrade Authlib to version 1.6.7 or later, which contains the fix that disables the "none" algorithm by default.
- If upgrading immediately is not possible, explicitly configure your JWT processing to disallow the "none" algorithm by not including it in the allowed algorithms list.
- Audit your application code to ensure that JWTs are verified using secure algorithms only (e.g., HS256, RS256) and that tokens with "alg":"none" are rejected.
- Review and monitor authentication logs for any suspicious tokens using the "none" algorithm. [2, 3]
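The header check from the detection answer and the algorithm allow-list from the mitigation answer, as an added Python example that is neither part of this advisory nor Authlib's own code: `inspect_token` flags tokens with "alg":"none" or an empty signature for log review, and `verify_hs256` shows the verification order a hardened application wants (explicit allow-list before any signature work) using only the standard library. The secret and the two sample tokens are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part):
    # JWT segments omit '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def inspect_token(token):
    """Log-review helper: decode the header and flag what the advisory describes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    header = json.loads(b64url_decode(parts[0]))
    alg = str(header.get("alg", ""))
    return {
        "alg": alg,
        "empty_signature": parts[2] == "",
        "suspicious": alg.lower() == "none" or parts[2] == "",
    }

ALLOWED_ALGS = {"HS256"}  # explicit allow-list; "none" is never accepted
def verify_hs256(token, key):
    """Strict verifier: algorithm allow-list first, then constant-time MAC check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed: %r" % header.get("alg"))
    signing_input = ("%s.%s" % (parts[0], parts[1])).encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))

def make_token(header, claims, key=None):
    # Builds a sample token; key=None yields an unsigned alg:none token (constructed)
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    c = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    if key is None:
        return "%s.%s." % (h, c)
    sig = hmac.new(key, ("%s.%s" % (h, c)).encode(), hashlib.sha256).digest()
    return "%s.%s.%s" % (h, c, b64url_encode(sig))

KEY = b"constructed-demo-secret"  # placeholder secret, not a real key
FORGED = make_token({"alg": "none", "typ": "JWT"}, {"sub": "admin"})
SIGNED = make_token({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
```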