2 matches found
Incorrect Authorization
Clerk is vulnerable to Incorrect Authorization. The vulnerability is due to improper request matching in createRouteMatcher, which allows an attacker to craft requests that bypass middleware protection and access downstream handlers...
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...