PT-2026-60243 · Better Auth+1 · @Better-Auth/Sso+1
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-53515
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Better Auth versions 1.2.10 through 1.6.10
Description
The @better-auth/sso plugin contains a flaw where the
registerSSOProvider() function in the 'POST /sso/register' endpoint only verifies organization membership without requiring an owner or admin role. This allows any organization member to attach an attacker-controlled OIDC (OpenID Connect, an identity layer on top of the OAuth 2.0 protocol) or SAML (Security Assertion Markup Language, an XML-based standard for exchanging authentication data) provider to drive organization provisioning via the '/sso/callback/{providerId}' endpoint.Recommendations
Update to version 1.6.11.
Fix
Improper Authorization
Improper Privilege Management
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
@Better-Auth/Sso
Better Auth