๐Ÿ” CVE Alert

CVE-2026-16206

MEDIUM 6.3

django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-613
Vendor django-oauth
Product django-oauth-toolkit
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for django-oauth django-oauth-toolkit

Be the first to know when new medium vulnerabilities affecting django-oauth django-oauth-toolkit are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

django-oauth / django-oauth-toolkit
3.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/380022 vuldb.com: https://vuldb.com/vuln/380022/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16206 vuldb.com: https://vuldb.com/submit/857897 vuldb.com: https://vuldb.com/submit/857923 github.com: https://github.com/django-oauth/django-oauth-toolkit/issues/1715 github.com: https://github.com/django-oauth/django-oauth-toolkit/

Credits

๐Ÿ” Galaxyn (VulDB User) VulDB CNA Team