Security Flaw in Better Auth's Authentication Library for TypeScript
CVE-2026-53513
What is CVE-2026-53513?
Better Auth, a library designed for authentication and authorization in TypeScript applications, presents a vulnerability in its @better-auth/sso plugin prior to version 1.6.11. This flaw allows attackers to exploit the POST /sso/register and POST /sso/update-provider endpoints under certain conditions where skipDiscovery is set to true. The vulnerability permits the injection of attacker-controlled URLs for oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint without proper origin validation. As a result, this could enable non-blind server-side request forgery and potential account linking, especially when the trustEmailVerified setting is enabled. The issue has been addressed in version 1.6.11.
Affected Version(s)
better-auth >= 0.1.0, < 1.6.11
sso >= 0.1.0, < 1.6.11
