Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a result, an attacker does not need a valid client registration, an authenticated user, or any prior state. A single request to the authorization endpoint is enough to obtain a 302 Location response to an arbitrary attacker-controlled URL. This vulnerability is fixed in 1.6.10 and 1.7.1.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41479.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-601"
]
}{
"cpe": [
"cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*",
"cpe:2.3:a:authlib:authlib:1.7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.6.10"
},
{
"introduced": "1.7.0"
},
{
"last_affected": "1.7.0"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}