CRITICAL
team-alembic
CVE published 2026-06-15
CVE-2026-49757
CVE-2026-49757 is a critical vulnerability in AshAuthentication, a library used for authentication in Elixir applications. The vulnerability allows an attacker to bypass authentication and take over a local user's account using OAuth2 or OIDC sign-in. This is possible because AshAuthentication's OAuth2 and OIDC strategies match local users by email address instead of the OpenID Connect iss/sub claim combi [truncated]