A vulnerability has been found in better-auth Better Auth up to 1.6.10 and classified as critical. Affected by this issue is some unknown functionality of the file /oauth2/token of the component OAuth2 Token Endpoint. Performing a manipulation of the argument authorization_code results in improper authorization.

This vulnerability is reported as CVE-2026-53518. The attack is possible to be carried out remotely. No exploit exists.