CVE-2026-16206 | django-oauth django-oauth-toolkit 3.3.0 oauth2_validators.py _load_id_token session expiration (Issue 1715)

SecurityVulns

A vulnerability was found in django-oauth django-oauth-toolkit 3.3.0. It has been classified as critical. This issue affects the function _load_id_token of the file oauth2_provider/oauth2_validators.py. The manipulation leads to session expiration.

This vulnerability is documented as CVE-2026-16206. The attack can be initiated remotely. There is not any exploit available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More