A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
Affected Vendors & Products
References
History
Sun, 19 Jul 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration | |
| First Time appeared |
Django-oauth
Django-oauth django-oauth-toolkit |
|
| Weaknesses | CWE-613 | |
| CPEs | cpe:2.3:a:django-oauth:django-oauth-toolkit:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Django-oauth
Django-oauth django-oauth-toolkit |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-07-19T02:15:08.796Z
Updated: 2026-07-19T02:15:08.796Z
Reserved: 2026-07-18T08:23:11.906Z
Link: CVE-2026-16206
No data.
No data.
No data.