EUVD-2026-11679
Tinyauth's OIDC authorization codes are not bound to client on token exchange...
Tinyauth authorization issue vulnerability
Tinyauth is an authentication and authorization server developed by Stavros, an individual developer. Versions of Tinyauth prior to 5.0.3 have an authorization vulnerability. The vulnerability stems from the OIDC authorization endpoint, which allows users with pending TOTP sessions to obtain...
Tinyauth security vulnerability
Tinyauth is an authentication and authorization server developed by Stavros, an individual developer. Versions of Tinyauth prior to 5.0.3 contain security vulnerabilities. These vulnerabilities stem from the OIDC token endpoint not verifying the identity of the client requesting the exchange of...
PT-2026-25056
Name of the Vulnerable Software and Affected Versions: Tinyauth versions prior to 5.0.3. Description: Tinyauth is an authentication and authorization server. The OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization...
PT-2026-25055
Name of the Vulnerable Software and Affected Versions: Tinyauth versions prior to 5.0.3. Description: Tinyauth is an authentication and authorization server. The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client to which the code was originally...