CVE-2026-31813

MEDIUM · EPSS 3.6% · CVSS 3.1 base score 4.8 (Medium)
Published Mar 11, 2026 · Modified Mar 20, 2026

Description

Supabase Auth is a JWT-based API for managing users and issuing JWT tokens. Prior to version 2.185.0, a vulnerability allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a valid, asymmetrically signed ID token from their own issuer for each victim email address and sends it to the Supabase Auth token endpoint using the ID token flow. If the ID token is OIDC compliant, the Auth server validates it against the attacker-controlled issuer and links an additional OIDC identity, built from the ID token contents, to the victim's existing OIDC identity (Apple or Azure). The Auth server then issues a valid user session (access and refresh tokens) at the AAL1 level to the attacker. This vulnerability is fixed in 2.185.0.

CVSS Details

Base Score
4.8
Exploitability
2.2
Impact
2.5
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
3.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-290 (Authentication Bypass by Spoofing)

Affected Products 1

Vendor      Product   Version   Range
supabase    auth      *         <2.185.0

References 1

  • github.com https://github.com/supabase/auth/security/advisories/GHSA-v36f-qvww-8w8m
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.