Skip to main content

Documenso

1 CVEs product

Monthly

CVE-2026-13543 LOW POC PATCH Monitor

Google OAuth login in Documenso through version 2.11.0 fails to enforce two-factor authentication during the OAuth callback flow, allowing a remote attacker to authenticate as any Google-linked user without completing MFA verification. The flaw resides in handle-oauth-callback-url.ts, where the oauth2fa state is not properly routed through the dedicated OAuth 2FA verification path - as confirmed by the PR diff showing the signin form was not checking the oauth2fa=true callback parameter. Publicly available exploit code exists (GitHub issue #2758), though no active exploitation has been confirmed and the CVSS 4.0 AC:H rating indicates the attack requires precise manipulation of the OAuth callback flow.

Authentication Bypass Google Documenso
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.4%
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Google OAuth login in Documenso through version 2.11.0 fails to enforce two-factor authentication during the OAuth callback flow, allowing a remote attacker to authenticate as any Google-linked user without completing MFA verification. The flaw resides in handle-oauth-callback-url.ts, where the oauth2fa state is not properly routed through the dedicated OAuth 2FA verification path - as confirmed by the PR diff showing the signin form was not checking the oauth2fa=true callback parameter. Publicly available exploit code exists (GitHub issue #2758), though no active exploitation has been confirmed and the CVSS 4.0 AC:H rating indicates the attack requires precise manipulation of the OAuth callback flow.

Authentication Bypass Google Documenso
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy