next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the next-auth.session-token cookie value with this unrelated JWT would let the malicious actor simulate a logged-in user and peek at logged-in user states (e.g. dashboard layout). next-auth applications that rely on the default Middleware authorization are only…
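The authorization decision described above, modelled on already-decoded JWT payloads (an added example, not code from the advisory or from next-auth). It assumes the default Middleware check accepts any JWT that decodes, that state/PKCE/nonce check tokens carry only a `value` claim, and that a real session token carries `sub` or `email`. A predicate like `strictAuthorized` would be supplied as the Middleware `authorized` callback. All payloads are constructed samples.

```javascript
// Added example: the Middleware authorization decision, modelled on decoded JWT payloads.
// Every payload below is a constructed sample, not a captured token.
const samples = {
  session: { name: "Alice", email: "alice@example.test", sub: "user-123", iat: 1700000000, exp: 1702592000 },
  stateCheck: { value: "constructed-state-value", iat: 1700000000, exp: 1700000900 },
  pkceCheck: { value: "constructed-code-verifier", iat: 1700000000, exp: 1700000900 },
  nonceCheck: { value: "constructed-nonce", iat: 1700000000, exp: 1700000900 },
  noCookie: null,
};

// Assumed default: any JWT that verifies and decodes counts as "signed in".
function defaultAuthorized({ token }) {
  return !!token;
}

// Hardened: require an identity claim that only a completed sign-in writes.
// The claim names (sub, email) are assumptions about the session payload.
function strictAuthorized({ token }) {
  if (token === null || typeof token !== "object") return false;
  return ["sub", "email"].some(
    (claim) => typeof token[claim] === "string" && token[claim].length > 0
  );
}

// Run one policy over every sample and return { sampleName: allowed }.
function evaluate(policy) {
  const result = {};
  for (const [name, token] of Object.entries(samples)) {
    result[name] = policy({ token });
  }
  return result;
}

console.log("default:", evaluate(defaultAuthorized));
console.log("strict: ", evaluate(strictAuthorized));
```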