{"id":"ROOT-APP-PYPI-CVE-2026-28498","summary":"CVE-2026-28498 in rootio-Authlib - Patched by Root","details":"Root has patched CVE-2026-28498 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available.","modified":"2026-05-21T12:30:09.167774240Z","published":"2026-05-21T06:32:53Z","upstream":["CVE-2026-28498"],"database_specific":{"source":"Root","distro":"pypi","severity":"HIGH","distro_version":""},"affected":[{"package":{"name":"rootio-Authlib","ecosystem":"Root:PyPI"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.5+root.io.5"},{"fixed":"1.6.0+root.io.3"},{"fixed":"1.6.3+root.io.4"},{"fixed":"1.6.5+root.io.3"},{"fixed":"1.6.1+root.io.3"},{"fixed":"0.15.5+root.io.6"},{"fixed":"1.6.0+root.io.4"},{"fixed":"1.6.3+root.io.5"},{"fixed":"1.6.5+root.io.4"},{"fixed":"1.6.1+root.io.4"},{"fixed":"0.15.5+root.io.7"},{"fixed":"0.15.5+root.io.8"},{"fixed":"1.6.5+root.io.5"},{"fixed":"1.6.1+root.io.5"},{"fixed":"1.6.6+root.io.1"},{"fixed":"1.6.6+root.io.2"},{"fixed":"1.6.6+root.io.3"},{"fixed":"1.6.6+root.io.4"}]}],"database_specific":{"source":"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-28498.json","root_patch_version":"root.io.4","total_fixed_versions":18,"upstream_version":"1.6.6","all_fixed_versions":["0.15.5+root.io.5","1.6.0+root.io.3","1.6.3+root.io.4","1.6.5+root.io.3","1.6.1+root.io.3","0.15.5+root.io.6","1.6.0+root.io.4","1.6.3+root.io.5","1.6.5+root.io.4","1.6.1+root.io.4","0.15.5+root.io.7","0.15.5+root.io.8","1.6.5+root.io.5","1.6.1+root.io.5","1.6.6+root.io.1","1.6.6+root.io.2","1.6.6+root.io.3","1.6.6+root.io.4"],"root_patched":true}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}