PT-2026-23115 · Drupal+2 · Openid Connect / Oauth Client+1

Drew Webber +4 · Published 2026-03-04 · Updated 2026-03-26 · CVE-2026-3532

CVSS v3.1: 4.2 Medium

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Drupal OpenID Connect / OAuth client versions prior to 1.5.0

Description

A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequately validate the uniqueness of user fields, potentially allowing a user to register with an email address already associated with another account. This can lead to data integrity issues when a user signs in for the first time.

Recommendations

Update to version 1.5.0 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2026-3532
DRUPAL-CONTRIB-2026-027

Affected Products

Openid Connect / Oauth Client
Drupal/Openid Connect