PT-2026-27123 · Unknown · Hybridauth

Jstyles · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-4587

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

HybridAuth versions up to 3.12.2

Description

A flaw exists in HybridAuth related to improper certificate validation within the SSL Handler component. It is caused by manipulation of the curlOptions argument in the src/HttpClient/Curl.php file. The issue is remotely exploitable; attack complexity is high and exploitation is considered difficult. The project was notified of the issue but has not yet responded.

Recommendations

Update HybridAuth to a version beyond 3.12.2.

Fix

Improper Certificate Validation

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2026-4587
GHSA-R3HF-Q3MF-7H6W

Affected products

Hybridauth