AWS WAF

Better Auth versions before 1.4.17 and pre-release versions before 1.5.0-beta.9 are vulnerable to CVE-2026-45364, a rate-limiting bypass that allows IPv6 clients to rotate through numerous source addresses or vary the textual encoding of one IPv6 address, effectively defeating rate limiting on authentication endpoints, potentially leading to credential stuffing, account enumeration, and amplification of password-reset email fan-out.

Detection of adversaries attempting to impair or disable AWS security services by deleting resources across GuardDuty, AWS WAF, CloudWatch, Route 53, and CloudWatch Logs to evade detection and remove visibility.