A critical security vulnerability in the @better-auth/sso plugin, tracked as CVE-2026-53513, has been identified, scoring 9.6 on the CVSS scale. The flaw allows authenticated users to exploit server-side request forgery (SSRF) by accessing internal services without validation, potentially leading to data exposure and account takeover. The vulnerability affects versions from 0.1.0 to <1.6.11, with a patch available in version 1.6.11. Users are advised to upgrade immediately to mitigate risks, and alternative workarounds are suggested if immediate patching is not feasible.
Critical SSRF bug in @better-auth/sso plugin exposes accounts
CyberSIXT Evidence Panel
Article by CyberSIXT