PT-2026-53218 · Documenso · Documenso
Jeetpal2007 · Published 2026-06-29 · Updated 2026-06-29 · CVE-2026-13543
CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Documenso versions prior to 2.11.1
Description
Improper authentication exists in the Google OAuth Login component within the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts. This issue allows a remote attacker to manipulate the authentication process, although the attack is characterized by high complexity and is difficult to exploit.
Recommendations
Update to a version newer than 2.11.0.
Restrict the use of the Google OAuth Login functionality until the pending fix is officially released and applied.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Documenso