Skip to content

CVE lookup

CVE-2026-53513

Pruva has a verified reproduction for CVE-2026-53513: @better-auth/sso <1.6.11 allows non-blind SSRF via unvalidated OIDC endpoint URLs during SSO provider registration, with potential account takeover when trustEmailVerified is enabled.. The canonical evidence record is REPRO-2026-00274.

REPRO

REPRO-2026-00274

Package

@better-auth/sso · npm

Severity

CRITICAL

Status

published