PT-2026-23115 · Drupal+2 · Openid Connect / Oauth Client+1

Drew Webber +4

Published: 2026-03-04 · Updated: 2026-03-26

CVE-2026-3532

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0

Description: A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequately validate the uniqueness of user fields, potentially allowing a user to register with an email address already associated with another account. This can lead to data integrity issues when a user signs in for the first time.

Recommendations: Update to version 1.5.0 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2026-3532
DRUPAL-CONTRIB-2026-027

Affected Products

Openid Connect / Oauth Client
Drupal/Openid Connect