CyberRota
← Ana sayfaya dön

CVE-2026-53517

HIGH · CVSS 8.1 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T18:16:48.107 · Çekilme zamanı: 2026-07-16T06:07:28.732712+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-53517
Severity
HIGH
CVSS
8.1
EPSS
Yok

Orijinal NVD Açıklaması

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh token to pass the revoked check and create forked refresh-token families; the vulnerable range also includes embedded better-auth plugin versions before 1.6.0. This issue is fixed in version 1.6.11.