Authentication Bypass Vulnerability in Ueberauth Apple Plugin
CVE-2026-55954

9.1CRITICAL

Key Information:

Vendor

Ueberauth

Vendor
CVE Published:
14 July 2026

What is CVE-2026-55954?

The Ueberauth Apple plugin contains a security flaw that allows attackers to bypass authentication through spoofed ID tokens. Specifically, the plugin fails to validate crucial claims present in the ID token, such as iss, aud, exp, and iat. An attacker can exploit this by using an Apple-signed ID token of a victim, which could be obtained through various means such as expired token capture or sharing between sibling clients within the same Apple developer team. This vulnerability enables unauthorized access to user accounts, as tokens can remain valid indefinitely due to the lack of expiration checks. It is imperative to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

ueberauth_apple 0.1.0 < 0.6.2

ueberauth_apple 3908a187d045c75994b62ce340c3aa26bb8976b8 < 01e2d9c9b3134e1b78633ad82d136d5ff4a61f28

References

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xRenSec
AJ Foster
Jonatan Männchen / EEF
.