57 matches found
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...
CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...
CVE-2026-47775
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
CVE-2026-47775
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
PT-2026-52886
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description The OAuth2 HTTP filter uses AES-256-CBC in its encrypt and decrypt functions without an authentication tag...
CVE-2026-41213
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
Race Condition
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Race Condition through a race condition in the OAuth token exchange. An attacker can obtain multiple valid token pairs by making concurrent requests using the same authorization code and PKCE verifier. Remediation...
GHSA-WXW3-Q3M9-C3JR Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
Am I affected? Users are affected if all of the following are true: - The application uses better-auth at a version below 1.6.2 or @better-auth/sso paired with such a version. - betterAuth account: storeStateStrategy is set to "cookie". The default "database" is not affected. - The application...
CVE-2026-41213 @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
CVE-2026-41213
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
EUVD-2026-25272
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
CVE-2026-41213
The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...
CVE-2026-41213 @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
PT-2026-34722
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code verifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
@node-oauth/oauth2-server 安全漏洞
@node-oauth/oauth2-server is an open-source Node.js OAuth2 server implementation that adheres to RFC standards. @node-oauth/oauth2-server has a security vulnerability; this vulnerability stems from the token exchange path accepting an invalid codeverifier value according to RFC7636, which may lea...
CVE-2026-40948
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
BIT-AUTHENTIK-2023-48228 OAuth2: PKCE can be fully circumvented
authentik is an open-source identity provider. When initialising a oauth2 flow with a codechallenge and codemethod thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing codeverifier during the token step. Prior to versions 2023.10.4 and 2023.8....
Improper Validation of Unsafe Equivalence in Input
Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...
GHSA-JHM7-29PJ-4XVF @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
Summary The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can...