← volver
CVE-2026-13543

Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

CVSS 6.3 MEDIUMEPSS 0.4%CWE-287
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 6.3EPSS 0.4%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Ciclo de vida
29 jun 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
n/a · Documenso
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →