CVE-2026-53512 | better-auth Better Auth up to 1.6.10 OIDC Provider/MCP /api/auth/oauth2/token refresh_token improper authorization
A vulnerability categorized as problematic has been discovered in better-auth Better Auth up to 1.6.10. This vulnerability affects unknown code of the file /api/auth/oauth2/token of the component OIDC Provider/MCP. The manipulation of the argument refresh_token results in improper authorization.
This vulnerability was named CVE-2026-53512. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More