Clerk-js OAuth Authentication Bypass Vulnerability

Vulnerability

A vulnerability in Clerk-js version 5.88.0 allows attackers to bypass the OAuth authentication process by manipulating requests during the one-time password (OTP) verification stage. This flaw arises because the backend fails to properly re-validate authentication when requests are altered, potentially leading to unauthorized access to user accounts.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts by bypassing the OAuth verification process.

Added: Nov 20, 2025, 7:17 PM

Updated: Nov 20, 2025, 10:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Clerk-js OAuth Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating