CVE-2026-29792: Feathersjs Oauth Authenticate Params Query Fallback
greprules fetch cve-2026-29792-feathersjs-oauth-authenticate-params-query-fallback --engine opengrep
Description
OAuth `authenticate` builds its payload with a logical-OR fallback that ends in `params.query`. Because `params.query` is the raw, attacker-controlled HTTP request query string, an unauthenticated attacker who calls /oauth/:provider/callback directly (without ever invoking the authorize step) can forge a profile object via the query string and obtain a valid
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided