A vulnerability was found in better-auth Better Auth up to 1.6.10. It has been rated as critical. Impacted is the function
approve of the file /device/approve of the component DeviceAuthorization Plugin. This manipulation of the argument userId causes improper authorization.
This vulnerability is handled as CVE-2026-45337. The attack can be initiated remotely. There is not any exploit available.