CVE-2026-43983 | pocket-id Pocket ID up to 2.5.x Refresh Token createTokenFromRefreshToken improper authorization

A vulnerability identified as critical has been detected in pocket-id Pocket ID up to 2.5.x. Affected is the function createTokenFromRefreshToken of the component Refresh Token Handler. This manipulation causes improper authorization.

This vulnerability appears as CVE-2026-43983. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More