CVE-2026-42560 - auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
CVE ID :CVE-2026-42560 Published : May 9, 2026, 6:16 a.m. | 48 minutes ago Description :auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same lo
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Schools reach out to Canvas hackers as breach hits US classrooms: report
- [CYBER] Laravel Now Has Native Passkeys: A Complete Guide to laravel/passkeys
- [CYBER] cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
- [CYBER] How a Single JavaScript File Bypassed a $1.5B Multi-Sig: Anatomy of the Bybit Hack
- [CYBER] 61. K-Nearest Neighbors: Judge by Your Company
- [CYBER] CVE-2026-42311 - Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)