CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

CVE•added 2026/04/23 6:33 p.m.•28 views

CVE-2026-41213

The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...

5.9CVSS5.8AI score0.00259EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by