PT-2026-27123 · Unknown · Hybridauth
Jstyles · Published 2026-03-23 · Updated 2026-03-23
CVE-2026-4587
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HybridAuth versions up to 3.12.2
Description
A flaw exists in HybridAuth related to improper certificate validation within the SSL Handler component. It is caused by manipulation of the curlOptions argument in the src/HttpClient/Curl.php file. The issue is remotely exploitable, but attack complexity is high and exploitation is considered difficult. The project was notified of the issue but has not yet responded.
Recommendations
Update HybridAuth to a version beyond 3.12.2.
Fix
Improper Certificate Validation
Improper Authentication
Related Identifiers
Affected Products
Hybridauth