VDB
CVE-2026-41425
CVE-2026-41425
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.
EPSS 0.02% · 4.2th percentile
Risk Scores
CVSS v3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.02%
4.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| authlib | authlib | < 1.6.11 |
Timeline
- Apr 16, 2026 CVE Published
- Apr 25, 2026 Security Advisory
- Apr 28, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score