{"data":{"id":"1556daab-daa3-4009-b02a-7418bc0ec2fb","title":"GHSA-7w99-5wm4-3g79: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive","summary":"A security flaw in @better-auth/oauth-provider allows two token requests sent at the same time to both redeem a single authorization code (a temporary token that should only work once), bypassing OAuth security rules. The vulnerability affects versions 1.6.0 through 1.6.10, and similar issues exist in the legacy plugins from better-auth versions 1.4.8-beta.7 through 1.6.0.","solution":"Upgrade to @better-auth/oauth-provider@1.6.11 or later, or upgrade better-auth to 1.6.11 or later if using the legacy plugin paths. The fix replaces the unsafe find-then-delete sequence with an atomic claim-and-return primitive (consumeVerificationValue) that ensures only the first request successfully claims the authorization code, causing concurrent requests to receive an invalid_grant error instead.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-7w99-5wm4-3g79","publishedAt":"2026-07-07T20:56:35.000Z","cveId":"CVE-2026-53518","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["better-auth@< 1.6.11 (fixed: 1.6.11)","@better-auth/oauth-provider@>= 1.6.0, < 1.6.11 (fixed: 1.6.11)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["better-auth","better-auth/oauth-provider","Claude Desktop","MCP"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-07T20:56:35.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}