Vulnerability in Ueberauth Ueberauth_apple

CVE-2026-55954

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauth_apple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback id_toke…

Affected products

Weakness classification (CWE)

References