CVE-2025-64762

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

CVE-2025-64762

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

EUVD-2025-198354

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

CVE-2025-64762

Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...

AuthKit Next.js Library 安全漏洞

AuthKit Next.js Library is a WorkOS open source AuthKit library for Next.js. A security vulnerability exists in AuthKit Next.js Library version 2.11.0 and earlier, which stems from an unapplied anti-caching header that could lead to session token disclosure...

authkit-nextjs may let session cookies be cached in CDNs

In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...

GHSA-P8PF-44FF-93GF authkit-nextjs may let session cookies be cached in CDNs

In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...

GHSA-5WMG-9CVH-QW25 @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2...

@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2...

AuthKit Next.js Library 日志信息泄露漏洞

AuthKit Next.js Library is an open source Next.js AuthKit library for WorkOS. A logging information disclosure vulnerability exists in the AuthKit Next.js Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...