Home

Description

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-26 | Updated 2026-03-30 | Assigner drupal

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

0.0.0 (semver) before 1.5.0
affected

Credits

Drew Webber (mcdruid) finder

Drew Webber (mcdruid) remediation developer

Philip Frilling (pfrilling) remediation developer

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-025

cve.org (CVE-2026-3530)

nvd.nist.gov (CVE-2026-3530)

Download JSON