CVE-2026-42280 (EPSS percentile 11.3%)

auth0 / auth0.js

Description

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Scoring

CVSS 7.1
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS 0.21% probability of exploitation · percentile 11.3% · 2026-06-19T12:03:05Z
Last modified 2026-06-04

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-47275
CVE-2026-34236
CVE-2026-50213
CVE-2026-8890
CVE-2026-9704
CVE-2026-1529

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.