PT-2026-46307
Name of the Vulnerable Software and Affected Versions Better Auth versions 1.6.0 through 1.6.10 Description The deviceAuthorization plugin incorrectly treats any authenticated session as the owner of any pending device code. This occurs because the GET /device endpoint does not claim the row, and...