A vulnerability was found in ueberauth ueberauth_apple up to 0.6.1. It has been declared as critical. This affects the function payload of the component Apple Authentication Strategy. The manipulation of the argument sub results in authentication bypass by capture-replay.

This vulnerability is reported as CVE-2026-55954. The attack can be launched remotely. No exploit exists.