HomeCVE Intelligence › CVE-2026-53518
CVSS 8.1 HIGH Vulnerability

CVE-2026-53518: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption…

Am I affected? Users are affected if all of the following are true: Their project depends on @better-auth/oauth-provider at a version >= 1.6.0, = 1.4.8-beta.7, , discarding the row count surfaced by adapter.deleteMany,…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-53518
Vendornpm
Affected Product@better-auth/oauth-provider
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version >= 1.6.0, = 1.4.8-beta.7, , discarding the row count surfaced by adapter.deleteMany, so no call site can detect "another caller already claimed this row". The fix lands at the primitive layer rather than at any individual call site. The fix introduces a claimVerificationByIdentifier primitive at the internal-adapter layer that performs an atomic claim-and-return, replaces the find-then-delete pair at this call site, and migrates the highest-impact variant sites in the same release.

Patches Fixed in @better-auth/oauth-provider@1.6.11 and better-auth@1.6.11 for the legacy oidc-provider and mcp plugin paths. All three token-exchange ca

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-53518 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence