next-auth is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the missing `state`, `nonce`, and `PKCE` checks for OAuth authentication, which allows an attacker to bypass the CSRF protection.Read More