PatchSiren

better-auth CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW better-auth CVE published 2026-07-13

CVE-2026-15527

A path traversal vulnerability has been identified in better-auth better-icons up to 1.0.5. The vulnerability affects the scan_project_icons/sync_icon component. Manipulation of the icons_file argument can lead to path traversal. Local access is required for an attack. The exploit has been publicly disclosed but vendor response is pending. Users should verify affected versions and monitor for suspicious l [truncated]

HIGH better-auth CVE published 2026-05-28

CVE-2026-45364

Better Auth's HTTP rate limiter prior to versions 1.4.17 and 1.5.0-beta.9 used raw textual IP addresses from x-forwarded-for (or configured IP-bearing headers) as rate-limiting keys without normalization. This allowed IPv6 clients with a /64 allocation to rotate through 2^64 distinct addresses, bypassing per-address rate limits on authentication endpoints including /sign-in/email, /sign-up/email, and /for [truncated]