Category: security | Workaround: solid | Stage: build | Freshness: persistent | Scope: framework | Upstream: open | Recurring: Yes | Buyer Type: team | Maintainer: active
Scope elevation attacks via parameter manipulation
7/10 High
Client applications or malicious attackers can manipulate the scope parameter during OAuth token exchange to request more permissions than originally authorized. This allows unauthorized access to user data beyond the initial token scope.
Collection History
Query: “What are the most common pain points with OAuth 2.0 for developers in 2025?”
3/31/2026
A malicious client application could exploit a user token to access more information than it is authorised to, by modifying the scope parameter when exchanging with the OAuth server... An attacker could intercept a user's token and contact the /userinfo endpoint of the OAuth server, while modifying the scope.
Created: 3/31/2026
Updated: 3/31/2026
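The mitigation for the pain point above is to bind scope to the user's consent on the server side, so that a scope parameter sent by the client at token exchange or at /userinfo cannot widen access. The following is an added example, not code from the page or from any OAuth library: a hypothetical in-memory authorization server whose token endpoint only ever narrows the consented scope (the rule RFC 6749 section 6 states for refresh) and whose userinfo endpoint releases claims based solely on the scope bound to the token.

```python
# Added example: server-side scope binding for OAuth 2.0 (hypothetical, in-memory).
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    client_id: str
    user: str
    scope: frozenset  # the scope the user actually consented to


# Constructed stand-ins for the authorization server's database.
GRANTS = {}  # authorization code -> Grant (single use)
TOKENS = {}  # access token -> Grant, scope fixed at issuance


class OAuthError(ValueError):
    """Carries an RFC 6749 error code such as invalid_scope."""


def parse_scope(value):
    return frozenset(value.split()) if value else frozenset()


def issue_code(client_id, user, consented_scope):
    """Authorization endpoint: records what the user consented to."""
    code = secrets.token_urlsafe(16)
    GRANTS[code] = Grant(client_id, user, parse_scope(consented_scope))
    return code


def token_endpoint(client_id, code, requested_scope=None):
    """Token endpoint: scope comes from the stored grant, never from the request.
    A narrower requested scope is honoured; any scope not in the consent is rejected."""
    grant = GRANTS.pop(code, None)  # codes are single use even on failure
    if grant is None or grant.client_id != client_id:
        raise OAuthError("invalid_grant")
    scope = grant.scope
    if requested_scope is not None:
        requested = parse_scope(requested_scope)
        if not requested <= grant.scope:
            raise OAuthError("invalid_scope")  # elevation attempt, refuse outright
        scope = requested
    token = secrets.token_urlsafe(24)
    TOKENS[token] = Grant(client_id, grant.user, scope)
    return {"access_token": token, "scope": " ".join(sorted(scope))}


def userinfo(access_token, _client_scope_param=None):
    """Resource endpoint: claims follow the token's bound scope; a scope
    parameter supplied by the caller is deliberately ignored."""
    grant = TOKENS.get(access_token)
    if grant is None:
        raise OAuthError("invalid_token")
    claims = {"sub": grant.user}
    if "email" in grant.scope:
        claims["email"] = f"{grant.user}@example.invalid"
    if "profile" in grant.scope:
        claims["name"] = grant.user.title()
    return claims
```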