Vulnerabilities

CVE-2026-42280

by Fred · 27/05/2026

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

More information : https://github.com/auth0/auth0.js/security/advisories/GHSA-8qjv-jj2q-x832

Similar

Tags: Cybersecurity Alert