VYPR

npm package

@workos/authkit-session

pkg:npm/%40workos/authkit-session

Vulnerabilities (1)

  • CVE-2026-42565MedMay 11, 2026
    affected < 0.5.1fixed 0.5.1

    @workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The stat