Am I affected? Users are affected if all of the following are true: Their project depends on @better-auth/oauth-provider at a version >= 1.6.0, = 1.4.8-beta.7, < 1.6.0. At least one OAuth client served by their applicat…
| CVE ID | CVE-2026-53517 |
| Vendor | npm |
| Affected Product | @better-auth/oauth-provider |
| Vulnerability Type | Vulnerability |
| CVSS Score | 8.1 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
@better-auth/oauth-provider at a version >= 1.6.0, = 1.4.8-beta.7, < 1.6.0.offline_access scope, so refresh tokens are minted.offline_access for any client, no refresh tokens are minted and they are not exposed. Fix: 1. Upgrade to `@better-auth/oauth-provider@1.6.11Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.