Critical CSRF Vulnerability in Mojolicious::Plugin::Web::Auth::OAuth2 (CVE-2026-9733)
A critical vulnerability (CVE-2026-9733) with a CVSS score of 9.1 has been discovered in Mojolicious::Plugin::Web::Auth::OAuth2 versions up to 0.17. This vulnerability allows an attacker to hijack another user's session through cross-site request forgery (CSRF) due to a predictable state parameter. The vulnerability has not been actively exploited but poses a significant risk due to its high severity and potential impact. Immediate patching or mitigation is recommended.