CVE-2026-13543
Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication
CVSS Score
5.6
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-287 |
| Vendor | n/a |
| Product | documenso |
| Published | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a documenso
Be the first to know when new medium vulnerabilities affecting n/a documenso are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Documenso
2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11.0
References
vuldb.com: https://vuldb.com/vuln/374551 vuldb.com: https://vuldb.com/vuln/374551/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13543 vuldb.com: https://vuldb.com/submit/842579 github.com: https://github.com/documenso/documenso/issues/2758 github.com: https://github.com/documenso/documenso/pull/2837 github.com: https://github.com/documenso/documenso/
Credits
๐ Jeetpal2007 (VulDB User) VulDB CNA Team