CVE-2026-28802
Received Received - Intake
JWT None Algorithm Signature Bypass in Authlib OAuth Server

Publication date: 2026-03-06

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-28802
EUVD
EUVD-2026-10009
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
authlib authlib From 1.6.5 (inc) to 1.6.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-28802 is a vulnerability in the Python library Authlib, which is used to build OAuth and OpenID Connect servers. The issue occurs in versions 1.6.5 and 1.6.6, where the library incorrectly accepts JSON Web Tokens (JWTs) that use the "none" algorithm with an empty signature as valid. This means that tokens without any cryptographic signature can bypass signature verification, allowing attackers to forge tokens.'}, {'type': 'paragraph', 'content': 'The vulnerability originated from a change that allowed the "none" algorithm to be accepted if the signature was empty, which was not the expected behavior. Normally, unsigned tokens should be rejected, but in these versions, they were accepted without any changes needed in the application code.'}, {'type': 'paragraph', 'content': 'This flaw was fixed in version 1.6.7 by removing the "none" algorithm from the default JWT processing and isolating its use to controlled scenarios only.'}] [1, 3]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can have serious security impacts including authentication bypass and privilege escalation. Because the library accepts unsigned JWTs with the "none" algorithm, an attacker can forge tokens that appear valid without possessing any secret or private key.'}, {'type': 'paragraph', 'content': 'As a result, attackers can gain unauthorized access to protected resources, impersonate users, or escalate their privileges (for example, gaining admin rights) within applications that rely on Authlib for authentication or authorization.'}, {'type': 'paragraph', 'content': 'This can lead to unauthorized data access, modification of application data, and compromise of the overall security of the system.'}] [3]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves accepting JWT tokens with the header field "alg" set to "none" and an empty signature, which bypasses signature verification. To detect this on your system or network, you should monitor JWT tokens being processed by your Authlib-based applications and check for tokens where the "alg" header is "none" and the signature part is empty.'}, {'type': 'paragraph', 'content': 'A practical approach is to capture JWT tokens and decode their headers to identify any tokens using the "none" algorithm. For example, you can decode JWT tokens using base64url decoding on the header part and inspect the "alg" field.'}, {'type': 'paragraph', 'content': 'Suggested commands (assuming you have JWT tokens in a variable or file):'}, {'type': 'list_item', 'content': 'Extract the JWT header (first part before the first dot) and decode it using base64url decoding.'}, {'type': 'list_item', 'content': 'Example using command line tools (bash):'}, {'type': 'list_item', 'content': '```bash\nTOKEN="<your_jwt_token_here>"\nHEADER=$(echo $TOKEN | cut -d \'.\' -f1)\n# Decode base64url (replace - with + and _ with /, pad with = if needed)\nHEADER_DECODED=$(echo $HEADER | tr \'_-\' \'/+\' | sed \'s/\\(.*\\)/\\1==/\' | base64 -d)\necho $HEADER_DECODED\n```'}, {'type': 'list_item', 'content': 'Check if the decoded header contains "alg":"none".'}, {'type': 'paragraph', 'content': 'If you find tokens with "alg":"none" and an empty signature (the part after the second dot is empty), this indicates the vulnerability might be exploited or present.'}] [3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The vulnerability has been patched in Authlib version 1.6.7 by removing the "none" algorithm from the default JWT instance, preventing unsigned JWT tokens from bypassing signature verification.'}, {'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Upgrade Authlib to version 1.6.7 or later, which contains the fix that disables the "none" algorithm by default.'}, {'type': 'list_item', 'content': 'If upgrading immediately is not possible, explicitly configure your JWT processing to disallow the "none" algorithm by not including it in the allowed algorithms list.'}, {'type': 'list_item', 'content': 'Audit your application code to ensure that JWT tokens are verified using secure algorithms only (e.g., HS256, RS256) and that tokens with "alg":"none" are rejected.'}, {'type': 'list_item', 'content': 'Review and monitor authentication logs for any suspicious tokens using the "none" algorithm.'}] [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28802. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart