Lucene search
+L

95 matches found

nvd
nvd
added yesterday6 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00029EPSS
Exploits0References3
nvd
nvd
added yesterday4 views

CVE-2026-53512

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refreshtoken grant authenticates only possession of the bound refreshToken row and matching clientid, without verifying the...

9.1CVSS0.00013EPSS
Exploits0References4
nvd
nvd
added yesterday5 views

CVE-2026-53516

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS0.00019EPSS
Exploits0References4
nvd
nvd
added yesterday6 views

CVE-2026-45337

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device code because GET /device does not claim the row and POST /device/approve and POST /device/deny...

7.6CVSS0.00017EPSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
cve
cve
added yesterday31 views

CVE-2026-45337

Better Auth (TypeScript library) vulnerability CVE-2026-45337 affects versions 1.6.0–1.6.10 in the deviceAuthorization plugin. The root cause is that the verification path does not claim ownership of the pending device code and the approve/deny checks short-circuit when userId is unset, allowing ...

7.6CVSS6.2AI score0.00017EPSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44740

Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row a...

7.1CVSS6.1AI score0.00028EPSS
Exploits0References4
attackerkb
attackerkb
added yesterday4 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added yesterday17 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00029EPSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44733

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References4
cve
cve
added yesterday27 views

CVE-2026-53513

CVE-2026-53513 affects the @better-auth/sso plugin for Better Auth. When skipDiscovery: true is set, POST /sso/register and POST /sso/update-provider may store attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs without origin validation, leading to server-side r...

9.6CVSS6.1AI score0.00025EPSS
Exploits0References4
cve
cve
added yesterday10 views

CVE-2026-53516

Summary: CVE-2026-53516 affects Better Auth (

8.3CVSS6.1AI score0.00019EPSS
Exploits0References4
cvelist
cvelist
added yesterday17 views

CVE-2026-53516 Better Auth: Account takeover via OAuth auto-link to unverified pre-registered email

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS0.00019EPSS
Exploits0References4
snyk
snyk
added 2026/07/07 8:56 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the authorizationcode grant handler. An attacker can obtain multiple valid access...

7.6CVSS6.2AI score0.00029EPSS
Exploits0References4
snyk
snyk
added 2026/07/07 8:55 p.m.4 views

Insufficient Session Expiration

Overview @better-auth/oauth-provider is an An oauth provider plugin for Better Auth Affected versions of this package are vulnerable to Insufficient Session Expiration through the POST /oauth2/token endpoint during the refresh token granting. An attacker can gain unauthorized access by exploiting...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References5
snyk
snyk
added 2026/07/07 8:55 p.m.6 views

Insufficient Session Expiration

Overview @better-auth/memory-adapter is a Memory adapter for Better Auth Affected versions of this package are vulnerable to Insufficient Session Expiration through the POST /oauth2/token endpoint during the refresh token granting. An attacker can gain unauthorized access by exploiting a race...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References5
github
github
added 2026/07/07 8:55 p.m.9 views

Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offlineaccess scope, so refresh token...

8.1CVSS5.9AI score0.00029EPSS
Exploits0References4Affected Software2
patchstack
patchstack
added 2026/07/07 8:55 p.m.6 views

NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email

NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...

8.3CVSS5.9AI score0.00019EPSS
Exploits0References3Affected Software1
github
github
added 2026/07/07 8:55 p.m.6 views

Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version 1.6.11 on the stable line, or any current next pre-release. - emailAndPassword.enabled: true is set in their application's betterAuth ... configuration. - At least one OAuth or SS...

8.3CVSS5.9AI score0.00019EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder