Known Vulnerabilities for Openid Connect by Openid

Listed below are 1 of the newest known vulnerabilities associated with "Openid Connect" by "Openid".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-53661 json Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity ... Not Provided 2026-06-11 2026-06-11
CVE-2026-49757 json Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via ... Not Provided 2026-06-15 2026-06-15
CVE-2026-44681 json Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open... Not Provided 2026-05-27 2026-06-02
CVE-2026-44394 json An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propag... Not Provided 2026-05-28 2026-05-28
CVE-2026-44087 json Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default confi... Not Provided 2026-06-19 2026-06-22
CVE-2026-42604 json Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= ... Not Provided 2026-06-12 2026-06-15
CVE-2026-41479 json Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 aut... Not Provided 2026-06-22 2026-06-23
CVE-2026-41425 json Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on th... Not Provided 2026-04-24 2026-04-27
CVE-2026-37979 json A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpo... Not Provided 2026-05-19 2026-05-20
CVE-2026-33318 json Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can e... Not Provided 2026-04-24 2026-04-25

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpenidOpenid Connect1.7.0
ApplicationOpenidOpenid Connect1.6.3
ApplicationOpenidOpenid Connect1.6.2
ApplicationOpenidOpenid Connect1.6.1
ApplicationOpenidOpenid Connect1.6.0
ApplicationOpenidOpenid Connect1.5.5
ApplicationOpenidOpenid Connect1.5.4
ApplicationOpenidOpenid Connect1.5.3
ApplicationOpenidOpenid Connect1.5.2
ApplicationOpenidOpenid Connect1.5.1
ApplicationOpenidOpenid Connect1.5.0
ApplicationOpenidOpenid Connect1.4.0
ApplicationOpenidOpenid Connect1.3.0
ApplicationOpenidOpenid Connect1.2.0
ApplicationOpenidOpenid Connect1.1.2
ApplicationOpenidOpenid Connect1.1.1
ApplicationOpenidOpenid Connect1.1.0
ApplicationOpenidOpenid Connect1.0.1
ApplicationOpenidOpenid Connect1.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report