CVE-2026-53512 - Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
CVE ID :CVE-2026-53512 Published : July 15, 2026, 6:16 p.m. | 17 minutes ago Description :Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the legacy oidcProvider and mcp plugins expose OAuth token endpoints whose refresh_token grant authenticates...