CVE-2026-3532

CVE-2026-3532: OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

Vendor Drupal
Product OpenID Connect / OAuth client
Weakness CWE-178
Published March 26, 2026
Last update March 27, 2026

CVSS base score

What the vulnerability does

01Description

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability exists in the Drupal OpenID Connect / OAuth client module affecting versions before 1.5.0. The specific attack vector and impact cannot be fully determined due to incomplete CVSS and CWE data. Site administrators should update to version 1.5.0 or later. Contact the module maintainer for detailed security guidance if you cannot update immediately.

What an attacker can do

03Attacker Capabilities

Unknown due to missing CVSS vector data.

Potential impact on your site

04Site Impact

Sites running the affected module may be at risk; update to 1.5.0 or later to remediate.

Conditions required to exploit

05Prerequisites

Unknown due to missing CVSS vector data.

Key dates

06Disclosure timeline

March 26, 2026 CVE published
March 27, 2026 Record updated

Related vulnerabilities

08Related CVE