UBUNTU-CVE-2026-54431

Source
https://ubuntu.com/security/CVE-2026-54431
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54431.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-54431
Upstream
Published
2026-07-02T11:16:00Z
Modified
2026-07-09T15:21:03Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify() function returns success for a malformed DPoP proof that embeds the private Elliptic Curve (EC) key in the header. This issue was fixed in version 2.3.0

References

Affected packages

Ubuntu:22.04:LTS / liboauth2

Package

Name
liboauth2
Purl
pkg:deb/ubuntu/liboauth2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.4.0.1-1
1.4.3.2-1
1.4.3.2-2
1.4.3.2-3
1.4.3.2-3ubuntu1
1.4.3.2-4
1.4.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "liboauth2-0",
            "binary_version": "1.4.4-1"
        },
        {
            "binary_name": "liboauth2-apache0",
            "binary_version": "1.4.4-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54431.json"

Ubuntu:24.04:LTS / liboauth2

Package

Name
liboauth2
Purl
pkg:deb/ubuntu/liboauth2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5.1-3
1.5.2-1
1.6.0-1
1.6.0-1build1
1.6.0-1build3
1.6.0-1build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "liboauth2-0",
            "binary_version": "1.6.0-1build4"
        },
        {
            "binary_name": "liboauth2-apache0",
            "binary_version": "1.6.0-1build4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54431.json"

Ubuntu:25.10 / liboauth2

Package

Name
liboauth2
Purl
pkg:deb/ubuntu/liboauth2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.1.0-1
2.1.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "liboauth2-0",
            "binary_version": "2.1.0-2"
        },
        {
            "binary_name": "liboauth2-apache0",
            "binary_version": "2.1.0-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54431.json"

Ubuntu:26.04:LTS / liboauth2

Package

Name
liboauth2
Purl
pkg:deb/ubuntu/liboauth2?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.1.0-2
2.1.1-1
2.2.0-1
2.2.0-2ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "liboauth2-1",
            "binary_version": "2.2.0-2ubuntu1"
        },
        {
            "binary_name": "liboauth2-apache1",
            "binary_version": "2.2.0-2ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54431.json"