PatchSiren

auth0 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH auth0 CVE published 2026-05-27

CVE-2026-42280

## Summary

Auth0.js, a client-side JavaScript library for Auth0, contains an improper authorization vulnerability (CWE-863) in versions 8.11.0 through 9.32.0. Under specific preconditions, the SDK may return user profile information using a valid access token when presented with a specifically crafted invalid ID token. This could allow an attacker to obtain unauthorized access to user profile data. The vu [truncated]