2 matches found
CVE-2026-45337
Better Auth (TypeScript library) vulnerability CVE-2026-45337 affects versions 1.6.0–1.6.10 in the deviceAuthorization plugin. The root cause is that the verification path does not claim ownership of the pending device code and the approve/deny checks short-circuit when userId is unset, allowing ...
PT-2026-46307
Name of the Vulnerable Software and Affected Versions Better Auth versions 1.6.0 through 1.6.10 Description The deviceAuthorization plugin incorrectly treats any authenticated session as the owner of any pending device code. This occurs because the GET /device endpoint does not claim the row, and...