Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-5rr4-8452-hf4v | @better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints |
Wed, 15 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: true is set, store them on the ssoProvider row without origin validation, and fetch them during OIDC callback, allowing non-blind server-side request forgery and possible account linking when trustEmailVerified: true is configured. This issue is fixed in version 1.6.11. | |
| Title | Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration | |
| Weaknesses | CWE-20 CWE-345 CWE-441 CWE-918 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T19:29:02.266Z
Reserved: 2026-06-09T17:30:33.455Z
Link: CVE-2026-53513
Updated: 2026-07-15T19:28:56.523Z
No data.
No data.
OpenCVE Enrichment
No data.
Github GHSA