CVE-2026-53517 in better-auth정보

요약

\~에 의해 MITRE • 2026. 07. 15.

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh token to pass the revoked check and create forked refresh-token families; the vulnerable range also includes embedded better-auth plugin versions before 1.6.0. This issue is fixed in version 1.6.11.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

책임이 있는

GitHub M

예약하다

2026. 06. 09.

모더레이션

수락

항목

VDB-379355

EPSS

0.00000

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!