All 3 CVE vulnerabilities found in tinyauth, with AI-generated Chinese analysis, references, and POCs.
Vendor: steveiliop56
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33544 | Tinyauth has OAuth account confusion via shared mutable state on singleton service instances CWE-362 | 7.7 | High | 2026-04-02 |
| CVE-2026-32246 | Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint CWE-287 | 8.5 | High | 2026-03-12 |
| CVE-2026-32245 | Tinyauth's OIDC authorization codes are not bound to client on token exchange CWE-863 | 6.5 | Medium | 2026-03-12 |
All 3 known CVE vulnerabilities affecting tinyauth with full Chinese analysis, references, and POCs where available.