5 matches found

Source: CVE (added 2 days ago, 9 views)

CVE-2026-47775

Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...

CVSS 6.8, AI score 5.9, EPSS 0.00212
Exploits: 0, References: 1
Source: Github Security Blog (added 2026/05/15 5:33 p.m., 31 views)

Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

Am I affected? Users are affected if all of the following are true:
- The application uses better-auth at a version below 1.6.2 or @better-auth/sso paired with such a version.
- betterAuth account: storeStateStrategy is set to "cookie". The default "database" is not affected.
- The application...

AI score 6
Exploits: 0, References: 5, Affected Software: 1
Source: NVD (added 2026/04/23 7:17 p.m., 4 views)

CVE-2026-41213

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid `code_verifier` values, including one-character strings, for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

CVSS 5.9, EPSS 0.00259
Exploits: 1, References: 1
Source: Prion (added 2023/11/21 9:15 p.m., 16 views)

Design/Logic Flaw

authentik is an open-source identity provider. When initialising an OAuth2 flow with a `code_challenge` and `code_method`, thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8....

CVSS 7.5, AI score 6.9, EPSS 0.01237
Exploits: 1, References: 10, Affected Software: 1
Source: OSV (added 2023/11/21 8:48 p.m., 26 views)

CVE-2023-48228 OAuth2: PKCE can be fully circumvented

authentik is an open-source identity provider. When initialising an OAuth2 flow with a `code_challenge` and `code_method`, thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8....

CVSS 7.5, AI score 9.2, EPSS 0.01237
Exploits: 1, References: 12