CVE-2026-3531 | THREATINT

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-26 | Updated 2026-03-30 | Assigner drupal

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status

unaffected

0.0.0 (semver) before 1.5.0

affected

Credits

Kimberley Massey (kimberleycgm) finder

Kimberley Massey (kimberleycgm) remediation developer

Philip Frilling (pfrilling) remediation developer

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-026

cve.org (CVE-2026-3531)

nvd.nist.gov (CVE-2026-3531)

Download JSON