CVE-2026-53516 | better-auth Better Auth up to 1.6.10 OAuth Callback Auto-Link Gate /sign-up/email handleOAuthUserInfo email_verified/emailVerified improper authorization
A vulnerability was found in better-auth Better Auth up to 1.6.10. It has been rated as critical. This affects the function handleOAuthUserInfo of the file /sign-up/email of the component OAuth Callback Auto-Link Gate. The manipulation of the argument email_verified/emailVerified leads to improper authorization.
This vulnerability is uniquely identified as CVE-2026-53516. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More