Package impact
npm / @clerk/shared
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41248 | critical | 9.1 | 9.1 | 1mo ago | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | |||
| CVE-2026-42349 | high | — | 8.0 | 18d ago | Clerk has an authorization bypass when combining organization, billing, or reverification checks |