4 matches found
CVE-2026-42565
@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is...
CVE-2026-42565 @workos/authkit-session: Open Redirect via state-derived redirect target
@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is...
@mastra/auth-workos (>=0.0.0-a2a-vnext-20260424123427 <=1.2.0-alpha.0), @workos/authkit-sveltekit (>=0.0.1-alpha.0 <=0.2.0) +1 more potentially affected by CVE-2026-42565 via @workos/authkit-session (>=0.0.1-alpha.3 <=0.4.0)
@workos/authkit-session NPM version =0.0.1-alpha.3, =0.0.0-a2a-vnext-20260424123427, =0.0.1-alpha.0, =0.1.0, =0.6.0 Source cves: CVE-2026-42565 Source advisory: SNYK:JS-WORKOSAUTHKITSESSION-16425670...
@mastra/auth-workos (>=0.0.0-a2a-vnext-20260424123427 <=1.2.0-alpha.0), @workos/authkit-sveltekit (>=0.0.1-alpha.0 <=0.2.0) +1 more potentially affected by CVE-2026-42565 via @workos/authkit-session (>=0.0.1-alpha.3 <=0.4.0)
@workos/authkit-session NPM version =0.0.1-alpha.3, =0.0.0-a2a-vnext-20260424123427, =0.0.1-alpha.0, =0.1.0, =0.6.0 Source cves: CVE-2026-42565 Source advisory: OSV:GHSA-VVVV-983W-R7PV...