Lucene search

11 matches found

Snyk
added 2026/04/09 6:10 p.m., 0 views

Weak Authentication

Overview: Affected versions of this package are vulnerable to Weak Authentication due to improper validation of oauth_user_id in the TokenGuard::authenticateViaBearerToken function. An attacker can gain unauthorized access to unrelated user accounts by presenting a machine-to-machine token with a...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 2
NVD
added 2026/04/09 5:16 p.m., 2 views

CVE-2026-39976

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

CVSS 7.1, EPSS 0.00074
Exploits: 1, References: 5
Cvelist
added 2026/04/09 4:50 p.m., 17 views

CVE-2026-39976 Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

CVSS 7.1, EPSS 0.00074
Exploits: 1, References: 5
CVE
added 2026/04/09 4:50 p.m., 9 views

CVE-2026-39976

CVE-2026-39976 affects Laravel Passport's TokenGuard in versions 13.0.0–13.7.0. The underlying league/oauth2-server sets the JWT sub claim to the client identifier (no user) and TokenGuard passes this value to retrieveById() without validating that it is a user, allowing a client_credentials toke...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2026/04/09 4:50 p.m., 2 views

EUVD-2026-20970

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 5
ATTACKERKB
added 2026/04/09 4:50 p.m., 1 views

CVE-2026-39976

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value ...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 6, Affected Software: 1
Positive Technologies
added 2026/04/09 12:0 a.m., 2 views

PT-2026-31663

Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 6
OSV
added 2026/04/08 7:57 p.m., 1 views

GHSA-349C-2H2F-MXF6 Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Impact: Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value to retrieveById without validating it's actually a user identifier, potentially resolving an...

CVSS 7.1, AI score 5.8, EPSS 0.00074
Exploits: 1, References: 7
Snyk
added 2026/04/08 7:57 p.m., 0 views

Improper Preservation of Permissions

Overview: Affected versions of this package are vulnerable to Improper Preservation of Permissions in the authentication process. An attacker can gain unauthorized access to user accounts by exploiting the handling of client_credentials tokens, which may allow a client token to be misinterpreted as...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
Node.js
added 2020/01/10 7:59 p.m., 11 views

Authentication Bypass

Overview: All versions of express-laravel-passport are vulnerable to an Authentication Bypass. The package fails to properly validate JWTs, allowing attackers to send HTTP requests impersonating other users. Recommendation: Upgrade to version 2.0.5 or later. References: HackerOne Report, GitHub...

AI score 6.9
Exploits: 0, Affected Software: 1
Hacker One
added 2019/11/29 12:48 a.m., 75 views

Node.js third-party modules: [express-laravel-passport] Improper Authentication

I would like to report Improper Authentication in express-laravel-passport. It allows to forge user's identity. Module: module name: express-laravel-passport; version: 1.1.2; npm page: https://www.npmjs.com/package/express-laravel-passport. Module Description: You want a middleware support express get...

AI score 7.3
Exploits: 0