CVE-2026-13543 MEDIUM

CVE-2026-13543: Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

Vendor N/A
Product Documenso
Weakness CWE-287 · Improper authentication
Published June 29, 2026
Last update June 29, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

Key dates

02Disclosure timeline

June 29, 2026 CVE published
June 29, 2026 Record updated