A vulnerability classified as critical was found in auth0-extensions auth0-account-link-extension up to 2.6.6. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass by spoofing.

This vulnerability is known as CVE-2025-46345. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.