CVE-2026-12746 | Dancer2::Plugin::Auth::OAuth::Provider up to 0.22 OAuth 2.0 Flow authentication_url/callback state cross-site request forgery
A vulnerability was found in Dancer2::Plugin::Auth::OAuth::Provider up to 0.22. It has been declared as problematic. Affected by this vulnerability is the function authentication_url/callback of the component OAuth 2.0 Flow Handler. Executing a manipulation of the argument state can lead to cross-site request forgery.
The identification of this vulnerability is CVE-2026-12746. The attack may be launched remotely. There is no exploit available.