Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N

Description

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict client registration were not actually restricted — any authenticated user could reach the create endpoints and register an OAuth client with attacker-chosen redirect URIs and metadata. This vulnerability is fixed in 1.6.5.

Basic Information

ID CVE-2026-41427

Source GitHub_M

Published Apr 24, 2026 at 19:23

Affected Product

Vendor better-auth

Product better-auth

Version >= 1.4.8-beta.7, < 1.6.5

Affected Versions better-auth better-auth >= 1.4.8-beta.7, < 1.6.5
better-auth better-auth >= 1.7.0-beta.0, <= 1.7.0-beta.1
better-auth oauth-provider >= 1.4.8-beta.7, < 1.6.5
better-auth oauth-provider >= 1.7.0-beta.0, <= 1.7.0-beta.1

CWE Classification

CWE-863

References

github.com /better-auth/better-auth/security/advisories/GHSA-xr8f-h2gw-9xh6

{
    "lastseen": "",
    "description": "Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict client registration were not actually restricted \u2014 any authenticated user could reach the create endpoints and register an OAuth client with attacker-chosen redirect URIs and metadata. This vulnerability is fixed in 1.6.5.",
    "published": "2026-04-24T19:23:20.161Z",
    "modified": "2026-04-24T19:23:20.161Z",
    "type": "cve",
    "title": "Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients",
    "source": "GitHub_M",
    "references": "https://github.com/better-auth/better-auth/security/advisories/GHSA-xr8f-h2gw-9xh6",
    "id": "CVE-2026-41427",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "better-auth better-auth >= 1.4.8-beta.7, < 1.6.5\nbetter-auth better-auth >= 1.7.0-beta.0, <= 1.7.0-beta.1\nbetter-auth oauth-provider >= 1.4.8-beta.7, < 1.6.5\nbetter-auth oauth-provider >= 1.7.0-beta.0, <= 1.7.0-beta.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "better-auth",
    "version": ">= 1.4.8-beta.7, < 1.6.5",
    "vendor": "better-auth",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients_CVE-2026-41427