@better-auth/oauth-provider is vulnerable to Server-Side Request Forgery (SSRF)
81
High Risk
The OAuth provider plugin compares redirect URIs, issuer URLs, and related URL fields during authorization and configuration validation. Before the fix, parts of that logic relied on hand-rolled host checks that did not consistently apply strict loopback and IP-literal rules, leaving edge cases in which unsafe hosts could be accepted in the redirect-URI or HTTPS-enforcement paths. The fix routes those decisions through the shared isLoopbackHost and related helpers from core, so that loopback, IP-literal, and scheme rules match the rest of the stack and the intended redirect policy.
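The following is an added illustration of the failure mode the advisory describes, not code from @better-auth/oauth-provider or from the fix. The function names (allowRedirectNaive, allowRedirectStrict, isLoopbackHost, parseHttpUrl), the test vectors, and the policy "https always, plain http only for loopback hosts" are assumptions chosen for the example. It puts a prefix-matching host check beside one that parses with the WHATWG URL parser first and then applies strict loopback and IP-literal rules, and lists the inputs on which the two disagree.

```javascript
// Added illustration, not code from @better-auth/oauth-provider. The function
// names and the redirect policy (https required, plain http only for loopback
// hosts) are assumptions made for this example.

// Hand-rolled check of the kind the advisory warns about: a prefix match on
// the raw redirect URI string. Nothing anchors the end of the host, so the
// match also succeeds on hosts that merely start with a loopback name.
function allowRedirectNaive(redirectUri) {
  if (/^https:\/\//i.test(redirectUri)) return true;
  return /^http:\/\/(localhost|127\.0\.0\.1|\[::1\])/i.test(redirectUri);
}

// Strict loopback test on an already-parsed, canonical hostname: exactly
// "localhost", an IPv4 literal in 127.0.0.0/8, or the IPv6 literal ::1
// (the WHATWG URL parser keeps the brackets in url.hostname). Nothing else.
function isLoopbackHost(hostname) {
  if (hostname === "localhost" || hostname === "[::1]") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
  if (m === null) return false;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) && octets[0] === 127;
}

// Parse with the WHATWG URL parser so userinfo, ports and IP-literal shorthand
// (127.1, 2130706433, [0:0:0:0:0:0:0:1]) are resolved before any comparison.
function parseHttpUrl(redirectUri) {
  let url;
  try {
    url = new URL(redirectUri);
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url;
}

// Policy: https is always acceptable; plain http only when the canonical host
// is loopback. Credentials in a redirect URI are rejected outright, since their
// only practical use here is to confuse string-based host checks.
function allowRedirectStrict(redirectUri) {
  const url = parseHttpUrl(redirectUri);
  if (url === null) return false;
  if (url.username !== "" || url.password !== "") return false;
  if (url.protocol === "https:") return true;
  return isLoopbackHost(url.hostname);
}

// Constructed test vectors (not taken from any real report).
const VECTORS = [
  "https://app.example.com/cb",
  "http://localhost:3000/cb",
  "http://[::1]:3000/cb",
  "http://localhost.evil.example/cb",   // naive: allowed, strict: rejected
  "http://localhost@evil.example/cb",   // naive: allowed, strict: rejected
  "http://127.0.0.1.evil.example/cb",   // naive: allowed, strict: rejected
  "http://127.1/cb",                    // naive: rejected, strict: allowed (canonical 127.0.0.1)
  "http://2130706433/cb",               // naive: rejected, strict: allowed (canonical 127.0.0.1)
  "http://example.com/cb",
  "javascript:alert(1)",
];

// Returns the URIs the naive check lets through but the strict check refuses.
function naiveOnlyAccepts(uris) {
  return uris.filter((u) => allowRedirectNaive(u) && !allowRedirectStrict(u));
}

for (const u of VECTORS) {
  const naive = String(allowRedirectNaive(u)).padEnd(5);
  const strict = String(allowRedirectStrict(u)).padEnd(5);
  console.log(`${naive} ${strict} ${u}`);
}
```

The first three mismatches are the over-acceptance the advisory is about: a registered loopback redirect policy that lets `localhost.evil.example` or `127.0.0.1.evil.example` through sends the authorization code to an attacker-controlled host. The last two mismatches show the other half of the problem: a string check and the URL parser disagree about what the host even is, so only a check run on the parser's canonical hostname can be aligned with the rest of the stack. Whether IPv4-mapped IPv6 forms such as `[::ffff:7f00:1]` should count as loopback is a policy decision; this example deliberately does not treat them as such.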
You are affected if you are using a version that falls within the vulnerable range.
@better-auth/oauth-provider is vulnerable to Server-Side Request Forgery (SSRF) in versions 1.3.18 - 1.6.5.
Upgrade @better-auth/oauth-provider to a patched version (later than 1.6.5).