CVE-2026-15527: Path Traversal in better-auth better-icons
A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability in better-auth better-icons up to version 1.0.5 involves improper handling of the icons_file argument within the scan_project_icons/sync_icon component, enabling local attackers to perform path traversal attacks. This can potentially allow attackers to access or manipulate files outside the intended directory. The vulnerability requires local access with low privileges and does not require user interaction. The issue was reported early to the project but remains unaddressed, and the exploit details have been publicly disclosed.
Potential Impact
An attacker with local access and low privileges can exploit this vulnerability to traverse directories via the icons_file argument, potentially accessing or modifying files outside the intended scope. The impact is limited by the requirement for local access and low privileges, and the overall severity is medium (CVSS 4.8). There is no indication of remote exploitation or elevated privileges.
Mitigation Recommendations
No official fix or patch is currently available, and the vendor has not responded to the issue report. Users should restrict local access to trusted users only and monitor for any suspicious local activity involving the better-icons component. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-15527: Path Traversal in better-auth better-icons
Description
A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_file leads to path traversal. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS v4.0
Score 4.8medium
Affected software
pkg:github/better-auth/better-iconscpe:2.3:a:better-auth:better-icons:*:*:*:*:*:*:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in better-auth better-icons up to version 1.0.5 involves improper handling of the icons_file argument within the scan_project_icons/sync_icon component, enabling local attackers to perform path traversal attacks. This can potentially allow attackers to access or manipulate files outside the intended directory. The vulnerability requires local access with low privileges and does not require user interaction. The issue was reported early to the project but remains unaddressed, and the exploit details have been publicly disclosed.
Potential Impact
An attacker with local access and low privileges can exploit this vulnerability to traverse directories via the icons_file argument, potentially accessing or modifying files outside the intended scope. The impact is limited by the requirement for local access and low privileges, and the overall severity is medium (CVSS 4.8). There is no indication of remote exploitation or elevated privileges.
Mitigation Recommendations
No official fix or patch is currently available, and the vendor has not responded to the issue report. Users should restrict local access to trusted users only and monitor for any suspicious local activity involving the better-icons component. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-07-12T12:51:37.994Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a5463f568715ace431cdc92
Added to database: 07/13/2026, 04:05:09 UTC
Last enriched: 07/13/2026, 04:18:04 UTC
Last updated: 07/13/2026, 23:04:39 UTC
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.