CVE lookup
CVE-2026-53513
Pruva has a verified reproduction for CVE-2026-53513: @better-auth/sso <1.6.11 allows non-blind SSRF via unvalidated OIDC endpoint URLs during SSO provider registration, with potential account takeover when trustEmailVerified is enabled.. The canonical evidence record is REPRO-2026-00274.
REPRO
REPRO-2026-00274
Package
@better-auth/sso · npm
Severity
CRITICAL
Status
published