Security Flaw in Better Auth's Authentication Library for TypeScript
CVE-2026-53513

9.6CRITICAL

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-53513?

Better Auth, a library designed for authentication and authorization in TypeScript applications, presents a vulnerability in its @better-auth/sso plugin prior to version 1.6.11. This flaw allows attackers to exploit the POST /sso/register and POST /sso/update-provider endpoints under certain conditions where skipDiscovery is set to true. The vulnerability permits the injection of attacker-controlled URLs for oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint without proper origin validation. As a result, this could enable non-blind server-side request forgery and potential account linking, especially when the trustEmailVerified setting is enabled. The issue has been addressed in version 1.6.11.

Affected Version(s)

better-auth >= 0.1.0, < 1.6.11

sso >= 0.1.0, < 1.6.11

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.