A vulnerability was found in better-auth Better Auth up to 1.6.10. It has been rated as critical. Impacted is the function approve of the file /device/approve of the component DeviceAuthorization Plugin. This manipulation of the argument userId causes improper authorization.

This vulnerability is handled as CVE-2026-45337. The attack can be initiated remotely. There is not any exploit available.