securityonline.info 7/14/2026, 1:51:23 AM · external

Critical SSRF bug in @better-auth/sso plugin exposes accounts

Critical SSRF bug in @better-auth/sso plugin exposes accounts
CyberSIXT Evidence Panel
Primary Source github.com
CISA KEV Not in KEV
Patch Patch Status Unknown

A critical security vulnerability in the @better-auth/sso plugin, tracked as CVE-2026-53513, has been identified, scoring 9.6 on the CVSS scale. The flaw allows authenticated users to exploit server-side request forgery (SSRF) by accessing internal services without validation, potentially leading to data exposure and account takeover. The vulnerability affects versions from 0.1.0 to <1.6.11, with a patch available in version 1.6.11. Users are advised to upgrade immediately to mitigate risks, and alternative workarounds are suggested if immediate patching is not feasible.

View Primary Source Via securityonline.info

Article by CyberSIXT