VYPR

Passport

by Laravel

Source repositories

CVEs (1)

  • CVE-2026-39976HigApr 9, 2026
    risk 0.39cvss 7.1epss 0.00

    Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard…