Tools & Comparisons

Honest comparisons of security tools, platforms, and frameworks. Which to use, when, and why.

1 post in this cluster

Clerk2026-01-19·10 min

Clerk Auth: The unsafe_metadata Footgun

Clerk's unsafe_metadata field is client-writable by design. If your application security model reads role assignments from metadata without server-side validation, any authenticated user can escalate to admin. A practical penetration testing guide to finding and fixing this privilege escalation vulnerability.

Other Research Clusters

Jump to another topic

PCI · HIPAA · SOC 2 · CMMC · NYDFS · ISO 27001

Consumer Privacy & Opsec →

Apply this research to your environment

Our engagements apply the same research methodology surfaced in these posts to your specific stack. Start with a free security check.

Free Security Check See Services

Tools & Comparisons

Clerk Auth: The unsafe_metadata Footgun

Jump to another topic

Compliance & Regulatory →

Threat Intelligence →

Platform Security →

AI Security →

Consumer Privacy & Opsec →

Apply this research to your environment