CVE-2026-42560
The CVE describes a vulnerability in the Patreon OAuth provider used by github.com/go-pkgz/auth, where the mapUser logic computes a local user ID from an uninitialized field, causing every Patreon-authenticated user to share the same local identity. The GHSA advisory details show the code path wh...