
CVE-2026-42349 - Clerk combined authorization bypass

Clerk SDK authorization predicates can return an allow decision for some multi-condition checks even when the user does not satisfy every requested condition. The bug affects combined uses of has() and auth.protect() that mix authorization dimensions such as organization role, permission, billing plan, feature entitlement, or reverification.

Authentication and token verification are not the broken boundary. The risk is that a route, server action, API handler, billing-gated feature, admin action, or agent-control surface may proceed because a combined predicate returned true when one of the component checks should have failed.

This is especially relevant for agentic SaaS products: organization admin actions, paid-plan controls, high-risk tool enablement, connector approvals, and reverified operations should fail closed when any required dimension is missing.

Affected versions

Patch the Clerk framework package the application actually consumes, and patch direct @clerk/shared / @clerk/clerk-js pins where present.

Package                       Vulnerable versions                     Fixed versions
@clerk/astro                  >=2.0.0, <=2.17.10; >=3.0.0, <=3.0.17   2.17.11, 3.0.18
@clerk/backend                >=2.0.0, <=2.33.2; >=3.0.0, <=3.2.13    2.33.3, 3.2.14
@clerk/chrome-extension       >=1.3.5, <=2.9.14; >=3.0.0, <=3.1.14    2.9.15, 3.1.15
@clerk/clerk-expo             >=2.2.11, <=2.19.35                     2.19.36
@clerk/clerk-js               >=5.22.0, <=5.125.9; >=6.0.0, <=6.7.4   5.125.10, 6.7.5
@clerk/clerk-react            >=5.9.0, <=5.61.5                       5.61.6
@clerk/expo                   >=3.0.0, <=3.2.1                        3.2.2
@clerk/express                >=0.1.0, <=1.7.78; >=2.0.0, <=2.1.5     1.7.79, 2.1.6
@clerk/fastify                >=1.0.42, <=2.6.30; >=3.0.0, <=3.1.15   2.6.31, 3.1.16
@clerk/hono                   >=0.0.2, <=0.1.15                       0.1.16
@clerk/nextjs                 >=6.0.0, <=6.39.2; >=7.0.0, <=7.2.3     6.39.3, 7.2.4
@clerk/nuxt                   >=1.0.0, <=1.13.28; >=2.0.0, <=2.2.4    1.13.29, 2.2.5
@clerk/react                  >=6.0.0, <=6.4.2                        6.4.3
@clerk/react-router           >=0.0.1, <=2.4.12; >=3.0.0, <=3.1.3     2.4.13, 3.1.4
@clerk/shared                 >=3.0.0, <=3.47.4; >=4.0.0, <=4.8.2     3.47.5, 4.8.3
@clerk/tanstack-react-start   >=0.0.1, <=0.29.10; >=1.0.0, <=1.1.3    0.29.11, 1.1.4
@clerk/vue                    >=1.0.0, <=1.17.20; >=2.0.0, <=2.0.15   1.17.21, 2.0.16

Indicator-of-exposure

  • The repository depends on any affected Clerk package through npm, pnpm, Yarn, Bun, a lockfile, Docker image, generated dependency manifest, or SBOM.
  • Application code calls has() or auth.protect() with more than one authorization dimension in the same predicate object.
  • Combined checks include reverification plus role, permission, feature, or plan.
  • Combined checks include a billing dimension (feature or plan) plus role or permission.
  • @clerk/nextjs code calls auth.protect() with authorization parameters in the same object as redirect or token options such as unauthenticatedUrl, unauthorizedUrl, or token.
  • Sensitive actions depend on those predicates: organization administration, invite/member management, billing-plan features, connector approval, tool enablement, key rotation, data export, destructive actions, or agent workflow promotion.

Quick checks:

rg -n "@clerk/|from ['\"]@clerk|has\\(|auth\\.protect\\(|reverification|unauthenticatedUrl|unauthorizedUrl|feature:|plan:|permission:|role:" .
npm ls @clerk/shared @clerk/nextjs @clerk/backend @clerk/clerk-js
pnpm why @clerk/shared @clerk/nextjs @clerk/backend @clerk/clerk-js
yarn why @clerk/shared @clerk/nextjs @clerk/backend @clerk/clerk-js
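The `npm ls` / `pnpm why` checks above answer the question interactively; the following is an added example (not Clerk's code and not part of this advisory) of doing the same check mechanically against an npm lockfile, walking every resolved entry including nested node_modules paths so a transitive @clerk/shared pin is not missed. The lockfile content is constructed for illustration, and the version table is the subset of the advisory table covering the four core packages the quick checks name.

```typescript
// Added example: audit resolved Clerk versions in an npm lockfile (v2/v3 "packages" map)
// against the CVE-2026-42349 fixed releases for @clerk/shared, @clerk/nextjs,
// @clerk/backend and @clerk/clerk-js. Ranges are copied from the advisory table.

type Range = { min: string; max: string; fixed: string };

const ADVISORY: Record<string, Range[]> = {
  "@clerk/shared": [
    { min: "3.0.0", max: "3.47.4", fixed: "3.47.5" },
    { min: "4.0.0", max: "4.8.2", fixed: "4.8.3" },
  ],
  "@clerk/nextjs": [
    { min: "6.0.0", max: "6.39.2", fixed: "6.39.3" },
    { min: "7.0.0", max: "7.2.3", fixed: "7.2.4" },
  ],
  "@clerk/backend": [
    { min: "2.0.0", max: "2.33.2", fixed: "2.33.3" },
    { min: "3.0.0", max: "3.2.13", fixed: "3.2.14" },
  ],
  "@clerk/clerk-js": [
    { min: "5.22.0", max: "5.125.9", fixed: "5.125.10" },
    { min: "6.0.0", max: "6.7.4", fixed: "6.7.5" },
  ],
};

// Numeric comparison of dotted release versions. A pre-release suffix is dropped,
// so "3.47.5-canary.1" compares as 3.47.5; adjust if you need stricter semver.
function compareVersions(a: string, b: string): number {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

type Finding = { path: string; name: string; version: string; fixed: string };

// Every key in "packages" is a filesystem path; the package name is whatever follows
// the last "node_modules/", which also covers nested (deduplicated-away) copies.
function auditLockfile(lockJson: string): Finding[] {
  const lock = JSON.parse(lockJson) as { packages?: Record<string, { version?: string }> };
  const findings: Finding[] = [];
  for (const [path, entry] of Object.entries(lock.packages ?? {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // root or workspace entry, not a dependency
    const name = path.slice(idx + "node_modules/".length);
    const ranges = ADVISORY[name];
    if (!ranges) continue;
    for (const r of ranges) {
      if (compareVersions(entry.version, r.min) >= 0 && compareVersions(entry.version, r.max) <= 0) {
        findings.push({ path, name, version: entry.version, fixed: r.fixed });
      }
    }
  }
  return findings;
}

// Constructed lockfile (not from a real project): the framework SDK is already on the
// fixed release, but a nested @clerk/shared under @clerk/backend still resolves to 3.47.4.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@clerk/nextjs": { version: "6.39.3" },
    "node_modules/@clerk/backend": { version: "2.33.3" },
    "node_modules/@clerk/shared": { version: "3.47.5" },
    "node_modules/@clerk/backend/node_modules/@clerk/shared": { version: "3.47.4" },
    "node_modules/react": { version: "19.0.0" },
  },
});

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.name}@${f.version} affected by CVE-2026-42349, fixed in ${f.fixed}`);
}
```

Run it against a real `package-lock.json` by reading the file into `auditLockfile`; pnpm and Yarn lockfiles have different shapes and need their own reader, but the same "compare every resolved copy, not just the hoisted one" rule applies.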

Remediation strategy

  • Upgrade the Clerk framework SDK on the application’s current major line to the fixed version listed above. Regenerate lockfiles and rebuild deployment artifacts.
  • Upgrade direct @clerk/shared and @clerk/clerk-js pins when present.
  • During rollout, split combined has() or auth.protect() checks into sequential single-condition checks so each condition fails closed on its own.
  • For @clerk/nextjs, keep authorization checks separate from redirect or token options unless the upgraded package has already been deployed.
  • Add regression tests for the application’s most sensitive gates, especially checks that combine organization permission, admin role, plan/feature entitlement, and reverification.
  • Review logs for sensitive actions that were authorized through affected combined predicates during the vulnerable window.
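The sequential fail-closed pattern from the third bullet above, as an added example that is not Clerk's code or this advisory's. It also exercises the negative cases the prompt's step 8 asks regression tests to prove (correct role but missing reverification, missing permission, wrong plan). The `has` signature is a simplified model of Clerk's, restricted to one dimension per call so a combined object cannot be passed by accident; the fake session, the gate, and the role/permission/plan strings are constructed for the demonstration.

```typescript
// Added example: evaluate each authorization dimension as its own single-condition
// has() call and deny if any one fails, instead of one combined predicate object.
// The Has type below is a simplified model of Clerk's has(), not Clerk's own type.

type Reverification = "strict_mfa" | "strict" | "moderate" | "lax";

// Exactly one dimension per condition: the type forbids { role, permission } in one object.
type Condition =
  | { role: string }
  | { permission: string }
  | { feature: string }
  | { plan: string }
  | { reverification: Reverification };

type Has = (condition: Condition) => boolean;

type GateResult = { allowed: boolean; failed?: Condition };

// Fail closed: an empty gate, a thrown error, or any non-true result denies.
// The failing condition is returned so the caller can log which dimension was
// missing without logging the session or its claims.
function requireAll(has: Has, conditions: Condition[]): GateResult {
  if (conditions.length === 0) return { allowed: false };
  for (const c of conditions) {
    let ok = false;
    try {
      ok = has(c) === true;
    } catch {
      ok = false;
    }
    if (!ok) return { allowed: false, failed: c };
  }
  return { allowed: true };
}

// Constructed stand-in for the claims a Clerk session would carry (not real Clerk data).
type FakeSession = {
  roles: string[];
  permissions: string[];
  features: string[];
  plan: string | null;
  reverifiedLevel: Reverification | null;
};

// Assumed ordering for the fake: a session reverified at a stronger level satisfies weaker ones.
const REVERIFICATION_ORDER: Reverification[] = ["lax", "moderate", "strict", "strict_mfa"];

function fakeHas(session: FakeSession): Has {
  return (c) => {
    if ("role" in c) return session.roles.includes(c.role);
    if ("permission" in c) return session.permissions.includes(c.permission);
    if ("feature" in c) return session.features.includes(c.feature);
    if ("plan" in c) return session.plan === c.plan;
    if (session.reverifiedLevel === null) return false;
    return REVERIFICATION_ORDER.indexOf(session.reverifiedLevel) >= REVERIFICATION_ORDER.indexOf(c.reverification);
  };
}

// A high-impact agentic gate (hypothetical names): org admin, connector-approval
// permission, paid plan, and recent strict reverification must all hold.
const CONNECTOR_APPROVAL_GATE: Condition[] = [
  { role: "org:admin" },
  { permission: "org:connectors:approve" },
  { plan: "enterprise" },
  { reverification: "strict" },
];

function canApproveConnector(session: FakeSession): GateResult {
  return requireAll(fakeHas(session), CONNECTOR_APPROVAL_GATE);
}

// Constructed sessions: one fully qualified, three each missing a single dimension.
const fullyQualified: FakeSession = {
  roles: ["org:admin"],
  permissions: ["org:connectors:approve"],
  features: [],
  plan: "enterprise",
  reverifiedLevel: "strict_mfa",
};
const missingReverification: FakeSession = { ...fullyQualified, reverifiedLevel: "lax" };
const missingPermission: FakeSession = { ...fullyQualified, permissions: [] };
const wrongPlan: FakeSession = { ...fullyQualified, plan: "free" };

for (const [label, s] of Object.entries({ fullyQualified, missingReverification, missingPermission, wrongPlan })) {
  const r = canApproveConnector(s);
  console.log(label, r.allowed ? "allowed" : `denied on ${JSON.stringify(r.failed)}`);
}
```

In a real route or server action, `fakeHas` is replaced by the `has` returned from Clerk's `auth()`, and the same four negative sessions become the regression tests: each must produce `allowed: false` with the expected `failed` dimension, on the vulnerable and on the fixed SDK alike, so the gate does not silently regress when the combined-object form is reintroduced later.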

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-42349 (Clerk combined authorization predicate
bypass). Produce exactly one output:

- A reviewer-ready PR/change request that upgrades affected Clerk packages,
  removes reachable combined-predicate bypass risk, adds regression coverage,
  and documents operator review, or
- TRIAGE.md if this repository does not own an affected Clerk application or
  cannot make a safe patch.

## Rules

- Scope only CVE-2026-42349 and directly related Clerk authorization checks.
- Do not weaken authentication, organization authorization, billing
  entitlement, feature entitlement, reverification, or redirect behavior to
  preserve compatibility.
- Do not log Clerk session tokens, JWTs, cookies, OAuth tokens, organization
  secrets, API keys, billing data, or user PII.
- Do not rely only on dependency updates if sensitive combined authorization
  predicates are present and untested.
- Do not auto-merge.

## Steps

1. Inventory every Clerk dependency in package manifests, lockfiles, workspace
   manifests, Dockerfiles, deployment images, generated dependency manifests,
   and SBOMs.
2. Determine whether any resolved package is in an affected CVE-2026-42349
   range, especially:
   - `@clerk/nextjs`;
   - `@clerk/backend`;
   - `@clerk/shared`;
   - `@clerk/clerk-js`;
   - framework wrappers such as Astro, Express, Fastify, Hono, Nuxt, React
     Router, TanStack React Start, Vue, Expo, and Chrome Extension packages.
3. Search application code for Clerk authorization predicates:
   - `has(...)`;
   - `auth.protect(...)`;
   - `createCheckAuthorization`;
   - `reverification`;
   - `role`, `permission`, `feature`, and `plan` checks;
   - `unauthenticatedUrl`, `unauthorizedUrl`, or `token` passed to
     `auth.protect()`.
4. Identify sensitive routes, server actions, API handlers, webhooks, jobs, or
   agent-control paths protected by combined predicate objects. Treat these as
   high priority when they guard organization administration, billing-gated
   features, connector/tool approval, secret access, key rotation, data export,
   destructive operations, or workflow promotion.
5. Upgrade affected Clerk packages to the fixed release for the current major
   line. Regenerate lockfiles, workspace metadata, SBOMs, image metadata, and
   deployment artifacts controlled by this repository.
6. If any sensitive gate uses a combined `has()` or `auth.protect()` object,
   either:
   - rewrite it as sequential single-condition checks that deny when any check
     fails, or
   - preserve the API shape only after adding regression coverage that proves
     missing role, missing permission, missing plan/feature, and missing
     reverification each deny access on the fixed SDK.
7. For `@clerk/nextjs`, ensure `auth.protect()` authorization parameters are
   not silently bypassed when redirect or token options are present. Prefer
   separate authorization enforcement and redirect handling where the codebase
   pattern allows it.
8. Add regression tests with fake users/sessions/claims that prove denial for:
   - correct role but missing reverification;
   - correct reverification but missing permission;
   - correct billing plan or feature but missing role or permission;
   - redirect/token options present without satisfying authorization;
   - any project-specific admin, billing, connector, or agent-control gate.
9. Add a PR body section named `CVE-2026-42349 operator actions` that states:
   - Clerk packages and versions before and after the change;
   - which combined authorization predicates were found;
   - which sensitive actions they protected;
   - whether any temporary sequential-check mitigation was added;
   - which audit logs should be reviewed for sensitive actions during the
     vulnerable window;
   - whether any tenant, organization, billing, or entitlement state requires
     manual review.
10. Run the relevant validation: package-manager install check, unit tests,
    route/action authorization tests, integration tests, lint/typecheck, build,
    dependency scan, and any policy or E2E checks available in this repository.
11. Use PR title:
    `fix(sec): remediate CVE-2026-42349 in Clerk authorization`.

## Stop conditions

- The repository does not depend on Clerk packages and does not deploy a Clerk
  application.
- All resolved Clerk packages are already fixed and no generated deployment
  artifact remains vulnerable.
- The project uses only single-condition Clerk checks and tests prove no
  affected combined predicate object protects sensitive actions.
- A package upgrade is blocked by a framework or product migration outside
  this repository; document the owner, required fixed versions, and temporary
  sequential-check mitigation.
- Verifying exposure would require using production sessions, real customer
  identities, billing data, organization secrets, or live tokens.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No controlled package manifest, lockfile, image, SBOM, or deployment artifact resolves an affected Clerk SDK version.
  • Sensitive gates that combine role, permission, billing, feature, plan, or reverification checks either use fixed Clerk packages with regression tests or have been split into sequential fail-closed checks.
  • @clerk/nextjs auth.protect() calls do not drop authorization behavior when redirect or token options are present.
  • Tests cover negative authorization cases, not only happy-path admin access.
  • The PR names any audit-log review or manual tenant/org/billing review needed for actions performed during the vulnerable window.

Watch for

  • Updating package.json while lockfiles, workspaces, Docker layers, or SBOMs still resolve vulnerable Clerk packages.
  • Fixing @clerk/nextjs but leaving a vulnerable direct @clerk/shared or @clerk/clerk-js pin in the same workspace.
  • Wrapper helpers that hide combined has() calls behind names like requireAdmin, requirePremium, assertOrgPermission, or protectRoute.
  • Tests that only assert authorized users are allowed and never assert that partially qualified users are denied.
  • Agentic admin surfaces where billing plan, org role, connector approval, and reverification are combined into a single high-impact gate.

References