Skip to main content

Ueberauth Apple

1 CVEs product

Monthly

CVE-2026-55954 CRITICAL PATCH Act Now

Authentication bypass by spoofing in the Elixir ueberauth_apple strategy (0.1.0 through 0.6.1) allows full account takeover because the callback id_token's signature is checked against Apple's JWKS but its registered claims are never validated. Remote unauthenticated attackers who obtain any Apple-signed token carrying the victim's sub - an expired token or one issued to a sibling client in the same Apple developer team - can replay it to log in as the victim. No public exploit identified at time of analysis, but the vendor-confirmed fix (0.6.2) and a clear replay path make this a high-priority auth flaw; EPSS and KEV data were not provided.

Apple Authentication Bypass Ueberauth Apple
NVD GitHub
CVSS 4.0
9.1
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authentication bypass by spoofing in the Elixir ueberauth_apple strategy (0.1.0 through 0.6.1) allows full account takeover because the callback id_token's signature is checked against Apple's JWKS but its registered claims are never validated. Remote unauthenticated attackers who obtain any Apple-signed token carrying the victim's sub - an expired token or one issued to a sibling client in the same Apple developer team - can replay it to log in as the victim. No public exploit identified at time of analysis, but the vendor-confirmed fix (0.6.2) and a clear replay path make this a high-priority auth flaw; EPSS and KEV data were not provided.

Apple Authentication Bypass Ueberauth Apple
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy