Back to overview

CVE-2026-53515

HIGH
7.1
CVSS 3.1
Description
Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin's POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row and does not require an owner or admin role, allowing attacker-controlled OIDC or SAML providers to drive /sso/callback/{providerId} organization provisioning. This issue is fixed in version 1.6.11.

Metadata

CVE ID
CVE-2026-53515
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-06-09 17:30 UTC
Published
2026-07-15 17:27 UTC
Last updated
2026-07-15 19:30 UTC
Primary CWE
CWE-269
CWE-269: Improper Privilege Management
Vendor / Product
better-auth / better-auth
Sources
cve.org  ·  NVD

Severity & Metrics

7.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
@better-auth sso >= 1.2.10, < 1.6.11
better-auth better-auth >= 1.2.10, < 1.6.11
Weakness (CWE)
CWESourceDescription
CWE-269 cna CWE-269: Improper Privilege Management
CWE-285 cna CWE-285: Improper Authorization
CWE-863 cna CWE-863: Incorrect Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
References (4)
Back to overview