CNNVD-202510-1218 Information
CNNVD ID
CNNVD-202510-1218
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
Better Auth是Better Auth开源的一个 TypeScript 最全面的身份验证框架。 Better Auth 1.3.26之前版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过请求体中用户ID绕过身份验证,可能导致身份验证绕过和权限提升。
Description (English)
Better Auth is one of the most comprehensive TypScript authentication frameworks for Better Auth. The previous version of Better Auth 1.3.26 had a security loophole, which stemmed from the fact that unverified assailants could circumvent identification through the user ID in the requesting body, which could lead to a circumvention of the identification and the enhancement of privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Better Auth
Published
2025-10-09
Last Modified
2026-02-24
References
https://github.com/better-auth/better-auth/commit/556085067609c508f8c546ceef9003ee8c607d39 https://github.com/better-auth/better-auth/security/advisories/GHSA-99h5-pjcv-gr6v
Patch
https://github.com/better-auth/better-auth/releases
Share on: