PT-2026-60243 · Better Auth+1 · @Better-Auth/Sso+1

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-53515

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions Better Auth versions 1.2.10 through 1.6.10
Description The @better-auth/sso plugin contains a flaw where the registerSSOProvider() function in the 'POST /sso/register' endpoint only verifies organization membership without requiring an owner or admin role. This allows any organization member to attach an attacker-controlled OIDC (OpenID Connect, an identity layer on top of the OAuth 2.0 protocol) or SAML (Security Assertion Markup Language, an XML-based standard for exchanging authentication data) provider to drive organization provisioning via the '/sso/callback/{providerId}' endpoint.
Recommendations Update to version 1.6.11.

Fix

Improper Authorization

Improper Privilege Management

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-53515

Affected Products

@Better-Auth/Sso
Better Auth