CVE-2026-53517 | better-auth up to 1.6.10 OAuth Provider /oauth2/token refresh_token improper authorization

SecurityVulns

A vulnerability labeled as critical has been found in better-auth up to 1.6.10. This affects an unknown function of the file /oauth2/token of the component OAuth Provider. Executing a manipulation of the argument refresh_token can lead to improper authorization.

The identification of this vulnerability is CVE-2026-53517. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More