CVE-2026-15527

Summary

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
better-authbetter-icons1.0.0affected
better-authbetter-icons1.0.1affected
better-authbetter-icons1.0.2affected
better-authbetter-icons1.0.3affected
better-authbetter-icons1.0.4affected
better-authbetter-icons1.0.5affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References