CVE-2026-53518 | better-auth Better Auth up to 1.6.10 OAuth2 Token Endpoint /oauth2/token authorization_code improper authorization
A vulnerability has been found in better-auth Better Auth up to 1.6.10 and classified as critical. Affected by this issue is some unknown functionality of the file /oauth2/token of the component OAuth2 Token Endpoint. Performing a manipulation of the argument authorization_code results in improper authorization.
This vulnerability is reported as CVE-2026-53518. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More