Auth bypass in Antonio-castellon Module-auth

CVE-2026-58399

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken() through spoofable auth-user and Host request headers. The validateT…

Vulnerability class: Broken Authentication
