A vulnerability was found in Plack::Middleware::OAuth up to 0.10. It has been classified as problematic. Affected is the function
RequestTokenV2/AccessTokenV2 of the component OAuth 2.0 State Handler. Performing a manipulation of the argument state results in cross-site request forgery.
This vulnerability was named CVE-2026-12740. The attack may be initiated remotely. There is no available exploit.