VYPR

Authkit Session

by Workos

Source repositories

CVEs (1)

  • CVE-2026-42565MedMay 11, 2026
    risk 0.21cvss 4.3epss 0.00

    @workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The…