CVE-2026-55954 - Missing ID token claim validation in ueberauth_apple allows account takeover
CVE ID :CVE-2026-55954 Published : July 14, 2026, 4:17 p.m. | 17 minutes ago Description :Authentication Bypass by Spoofing vulnerability in ueberauth ueberauth_apple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the...