CVE-2026-45364 | better-auth Better Auth up to 1.4.16/1.5.0-beta.8 Header X-Forwarded-For excessive authentication (GHSA-p6v2-xcpg-h6xw)

A vulnerability was found in better-auth Better Auth up to 1.4.16/1.5.0-beta.8 and classified as problematic. This impacts an unknown function of the component Header Handler. Such manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts.

This vulnerability is uniquely identified as CVE-2026-45364. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More