📦 Pocket Id

CVE-2026-28512 is an OpenID Connect callback URL validation bypass in Pocket ID versions 2.0.0 through 2.3.x. Attackers can craft malicious authorization links containing URL userinfo (@) to redirect ...