Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T19:14:37 authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CWE-807

A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker could exploit a missing Cross-Site Request Forgery (CSRF) protection on the cache feature within `authlib.integrations.starlette_client.OAuth`. This vulnerability allows an attacker to trick an authenticated user into performing unintended actions, potentially leading to unauthorized information disclosure or data manipulation.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Migration Toolkit for Applications 8 Fix deferred mta/mta-solution-server-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-26/lightspeed-chatbot-rhel9 Red Hat Quay 3 Fix deferred quay/quay-rhel8 Red Hat Quay 3 Fix deferred quay/quay-rhel9 Red Hat Satellite 6 Fix deferred satellite/foreman-mcp-server-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-41425 https://nvd.nist.gov/vuln/detail/CVE-2026-41425 https://github.com/authlib/authlib/security/advisories/GHSA-jj8c-mmj3-mmgv