Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

openid_connect_\/_oauth_client

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-3532
Assigner-Drupal.org
ShareView Details
Assigner-Drupal.org
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:04
Updated-01 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Action-Not Available
Vendor-bojanzThe Drupal Association
Product-openid_connect_\/_oauth_clientOpenID Connect / OAuth client
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2026-3531
Assigner-Drupal.org
ShareView Details
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:03
Updated-01 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Action-Not Available
Vendor-bojanzThe Drupal Association
Product-openid_connect_\/_oauth_clientOpenID Connect / OAuth client
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-3530
Assigner-Drupal.org
ShareView Details
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.35%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:03
Updated-01 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Action-Not Available
Vendor-bojanzThe Drupal Association
Product-openid_connect_\/_oauth_clientOpenID Connect / OAuth client
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)