CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-P2FR-6HMX-4528

GHSA-p2fr-6hmx-4528: Unbound Resource Indicators Allow Cross-Audience Access Token Escalation in @better-auth/oauth-provider

Alon Barad
Alon Barad
Software Engineer

Jul 7, 2026·6 min read·3 visits

Executive Summary (TL;DR)

The OAuth provider fails to bind client-requested target resources to authorization codes and refresh tokens, allowing authenticated clients to escalate their access to any resource server in the validAudiences configuration list.

A security vulnerability in @better-auth/oauth-provider allows OAuth clients to obtain access tokens for unauthorized audiences due to unbound resource indicators. The implementation fails to bind the requested target resource to the initial authorization grant. Consequently, a client can request an access token targeting any resource server within the global allowlist, bypassing user consent boundaries.

Vulnerability Overview

The @better-auth/oauth-provider package, a component of the better-auth authentication framework, contains an authorization bypass flaw. The issue is located in the implementation of the RFC 8707 (Resource Indicators for OAuth 2.0) specification.

In a multi-resource server architecture, the authorization server must strictly limit the audience of an access token to the specific resources authorized by the user. Under RFC 8707, clients specify their target resource server via a resource query parameter during the authorization phase. The authorization server must capture this state and bind it to the resulting authorization grant.

Because the provider fails to persist the resource constraints between the authorization phase and the token exchange phase, clients can request access to any resource in the server configuration. The threat surface includes lateral access escalation across internal microservices and unauthorized access to downstream resource servers.

Root Cause Analysis

The core technical flaw stems from the complete decoupling of the authorization request parameter processing and the token generation logic. The provider ignores the resource parameter at the authorization endpoint (/oauth2/authorize). Because of this, the consent screens presented to the resource owner do not accurately reflect the specific resource servers the client will ultimately access.

Furthermore, the database schemas for authorization codes and refresh tokens lack fields to store stateful resource constraints. When an authorization code is successfully issued, it contains no reference to the resources that the user approved. This violates RFC 8707 Section 2.2, which dictates that the authorization server must record the authorized resources and ensure the subsequent token requests represent a subset of that initial grant.

When the client interacts with the /oauth2/token endpoint, the token generator reads the resource parameter directly from the request body. Instead of verifying this parameter against the authorization code's bound resource, the server evaluates it against a global config array called validAudiences. If the target is present in this global list, the server mints a JWT containing the target in the aud (audience) claim, completing the unauthorized access escalation.

Code Architecture & Schema Deficiencies

To understand the implementation flaw, examine the conceptual behavior of the token exchange handler and database interaction. The vulnerable state persists because the data layer does not support multi-resource tracking.

Below is a representation of the vulnerable code pattern contrasted with the patched statefulness:

// Vulnerable Token Endpoint Logic
async function handleTokenExchange(req) {
  const codeRecord = await db.findAuthCode(req.code);
  const requestedResource = req.resource; // Obtained directly from the POST body
 
  if (requestedResource) {
    // BUG: The codeRecord has no 'resources' property. 
    // The check is performed globally, ignoring user-authorized boundaries.
    if (!config.validAudiences.includes(requestedResource)) {
      throw new OAuthError("invalid_target", "Resource not in global allowlist");
    }
  }
 
  // Access token is minted for the arbitrary resource requested
  return generateAccessToken({
    sub: codeRecord.userId,
    audience: requestedResource || config.defaultAudience
  });
}

The fix implements structural changes to store the approved resources into the database. When the /oauth2/token endpoint is queried, validation is performed directly against the database record instead of the global configuration.

// Patched Token Endpoint Logic
async function handleTokenExchange(req) {
  const codeRecord = await db.findAuthCode(req.code); // Now retrieves stateful 'resources' array
  const requestedResource = req.resource;
 
  if (requestedResource) {
    // FIX: Verify the requested resource is a subset of the authorized resources
    if (!codeRecord.resources.includes(requestedResource)) {
      throw new OAuthError("invalid_target", "The requested resource is not authorized for this grant");
    }
  }
 
  return generateAccessToken({
    sub: codeRecord.userId,
    audience: requestedResource
  });
}

Exploitation & Scenario Execution

Exploitation of this vulnerability requires the target authorization server to configure multiple resources inside the validAudiences array. No custom exploitation tools are required, as standard OAuth library clients or command-line HTTP clients can trigger the flaw.

An attacker controls a registered OAuth client. The target server has configured https://api.billing.example.com (sensitive) and https://api.stats.example.com (public) in its global allowlist. The attacker initiates the standard authorization flow targeting the public API.

After obtaining the authorization code, the client sends a token request to /oauth2/token but overrides the resource field to point to the sensitive billing API. Because there is no check linking the code to the initial scope, the server returns an access token possessing an audience claim (aud) set to the sensitive billing system.

POST /oauth2/token HTTP/1.1
Host: auth.example.com
Content-Type: application/x-www-form-urlencoded
 
grant_type=authorization_code&
code=AUTHORIZATION_CODE_HERE&
redirect_uri=https://client.example.com/callback&
client_id=CLIENT_ID&
client_secret=CLIENT_SECRET&
resource=https://api.billing.example.com

The same technique applies to refresh token grants. If a client possesses a valid refresh token, it can issue a refresh request with a modified resource parameter, pivoting its audience access to any target server inside the validAudiences array without prompting the user for consent.

Impact Assessment

This vulnerability breaks the security boundaries enforced by OAuth consent screens. While the authorization server attempts to maintain a list of valid audiences via configuration, the failure to bind those audiences to specific authorization transactions compromises the isolation of multi-tenant or multi-resource API environments.

If the authorization server is used to authenticate users across both low-security and high-security internal services, any client compromised by an attacker can escalate access tokens to gain privileges on the high-security APIs. This bypasses the zero-trust principle where resource servers rely on the correctness of the token audience claim to deny access to unauthorized clients.

From a CVSS perspective, the vulnerability is classified as Medium (6.4). The attack complexity is low, and no user interaction is required after the initial login. However, the scope of impact changes (Scope: Changed) because the failure allows the client to gain unauthorized privileges on external downstream systems (the resource servers).

Remediation & Defensive Hardening

The definitive solution is to upgrade to @better-auth/oauth-provider@1.7.0 (or @better-auth/oauth-provider@1.7.0-beta.4). The updated release implements stateful database storage for resource lists and enforces strict subset checks during token exchanges.

Because the patch introduces database schema modifications to track authorized resource boundaries, running migrations is mandatory. Administrators must run the database migration utilities to apply the structural changes.

npx auth migrate

For environments where upgrading is not immediately possible, implement the following workarounds:

  1. Limit the validAudiences configuration array to a single, global entry. When only one resource is allowed, cross-resource escalation becomes impossible.
  2. Configure downstream resource servers to strictly validate that incoming tokens contain only their specific audience identifier and do not support broad, multi-audience arrays.
  3. Implement a custom validation interceptor on the /oauth2/token endpoint to block requests containing a resource parameter that differs from the default client authorization parameters.

Technical Appendix

CVSS Score
6.4/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected Systems

@better-auth/oauth-provider

Affected Versions Detail

Product
Affected Versions
Fixed Version
@better-auth/oauth-provider
better-auth
>= 1.4.8, < 1.7.0-beta.41.7.0-beta.4
AttributeDetail
CWE IDCWE-863
Attack VectorNetwork
CVSS v3.1 Score6.4
Exploit Statusnone
CISA KEV StatusNot Listed
ImpactIncorrect Authorization (Audience Escalation)

MITRE ATT&CK Mapping

T1078Valid Accounts
Defense Evasion
T1556Modify Authentication Process
Credential Access
T1550.004Use Alternate Authentication Material: Access Tokens
Lateral Movement
CWE-863
Incorrect Authorization

The software performs authorization checks but implements them incorrectly, allowing an actor to access restricted resources or execute unauthorized actions.

References & Sources

  • [1]GitHub Security Advisory GHSA-p2fr-6hmx-4528
  • [2]better-auth Repository
  • [3]Fix Release Tag (v1.7.0-beta.4)
  • [4]RFC 8707 Section 2.2
  • [5]RFC 9068 Section 2.2

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•2 minutes ago•GHSA-Q855-8RH5-JFGQ
6.5

GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

The ha-mcp add-on for Home Assistant exposes its settings and security policy routes without authentication at the bare root path of TCP port 9583. This exposure allows unauthorized adjacent network clients to reconfigure tools, alter policies, and bypass human-in-the-loop approval gates. The vulnerability has been addressed in development build 7.6.0.dev393 and subsequent releases by restricting access to root-mounted routes exclusively to the Supervisor Ingress IP.

Amit Schendel
Amit Schendel
0 views•8 min read
•33 minutes ago•GHSA-F66Q-9RF6-8795
5.3

GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

An authentication freshness bypass vulnerability exists in the WebAuthn re-authentication path of Flask-Security-Too versions 5.8.0 and 5.8.1. The flaw allows an authenticated attacker to elevate the freshness status of a victim session using their own WebAuthn credential, bypassing re-authentication constraints.

Amit Schendel
Amit Schendel
3 views•5 min read
•about 1 hour ago•CVE-2026-50127
5.9

CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

A Server-Side Request Forgery (SSRF) vulnerability exists in Weblate's private address validator when the VCS_RESTRICT_PRIVATE setting is enabled. By exploiting IPv6 transition mechanisms, such as NAT64, 6to4, or IPv4-compatible configurations, an attacker can bypass private network boundaries and access internal services.

Alon Barad
Alon Barad
4 views•6 min read
•about 2 hours ago•GHSA-86J7-9J95-VPQJ
8.8

GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

A stored cross-site scripting vulnerability exists in the oidc-provider and mcp plugins of Better Auth. Attackers can register malicious clients with javascript: redirect URIs, leading to origin takeover when users authorize the client.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 3 hours ago•GHSA-9H47-PQCX-HJR4
9.8

GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

The Better Auth framework's OIDC provider implementation (oidcProvider) contained insecure cryptographic defaults before version 1.6.11. It advertised the insecure alg=none signing algorithm and accepted plain PKCE challenges by default, leaving downstream clients vulnerable to token signature bypasses and authorization code interception attacks.

Alon Barad
Alon Barad
4 views•6 min read
•about 4 hours ago•GHSA-2VG6-77G8-24MP
3.8

GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

A critical session persistence vulnerability exists within the Better Auth framework when configured to use external secondary storage (such as Redis or Cloudflare KV) with default database options. Due to four incomplete user-deletion code paths, active user sessions are not evicted from secondary storage caches during deletion events. As a result, deleted users retain full system access via their pre-existing session cookies until the Session Time-To-Live (TTL) expires.

Amit Schendel
Amit Schendel
4 views•5 min read