CVE-2026-48611

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16

Description Improper authentication checks in the OAuth implementation allow remote unauthenticated account hijacking. This issue can lead to unauthorized access in default installations, even in cases where OAuth is not configured or enabled.

Recommendations Update to version 3.3.16.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2026-48611

Affected Products

Phpbb

CVE-2026-48611

Weakness Enumeration

Related Identifiers

Affected Products

References · 4