CVE-2026-53517 - Better Auth OAuth Provider: Refresh Token Rotation Race Condition Allows Concurrent Replay and Token Family Forking
CVE ID :CVE-2026-53517 Published : July 15, 2026, 6:16 p.m. | 17 minutes ago Description :Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refresh_token grant performs...