#VU123567 Improper access control in OpenID Connect / OAuth client - CVE-2026-3532

 


Published: March 5, 2026


Vulnerability identifier: #VU123567
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-3532
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenID Connect / OAuth client
Software vendor: pfrilling

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected module does not sufficiently validate the uniqueness of certain user fields, depending on the database engine and its collation. A remote user can register with the same email address as another user.
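An added illustration of this class of flaw and a collation-independent check, not the module's own code: an application-level lookup whose result depends on column collation, beside a unique constraint on a canonical key and an audit query for existing collisions. The table and function names, the constructed case-variant addresses, and the use of SQLite's default BINARY collation are assumptions; the advisory does not state which fields or collations are affected.

```python
import sqlite3
import unicodedata

def canonical_email(addr: str) -> str:
    """Collation-independent comparison key: NFKC-normalize, trim, case-fold."""
    return unicodedata.normalize("NFKC", addr).strip().casefold()

def make_db(hardened: bool) -> sqlite3.Connection:
    # Hypothetical schema; "mail" uses SQLite's default (case-sensitive) BINARY collation.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, mail TEXT, mail_key TEXT)")
    if hardened:
        # The database enforces uniqueness on the canonical key, whatever the collation.
        db.execute("CREATE UNIQUE INDEX users_mail_key ON users (mail_key)")
    return db

def _insert(db: sqlite3.Connection, mail: str) -> None:
    db.execute("INSERT INTO users (mail, mail_key) VALUES (?, ?)",
               (mail, canonical_email(mail)))

def register_naive(db: sqlite3.Connection, mail: str) -> bool:
    """Weak form: uniqueness decided by a lookup whose outcome follows the collation."""
    if db.execute("SELECT 1 FROM users WHERE mail = ?", (mail,)).fetchone():
        return False
    _insert(db, mail)
    return True

def register_hardened(db: sqlite3.Connection, mail: str) -> bool:
    """Hardened form: rely on the unique index over the canonical key."""
    try:
        _insert(db, mail)
        return True
    except sqlite3.IntegrityError:
        return False

def duplicate_groups(db: sqlite3.Connection) -> list:
    """Audit: ids of existing accounts whose canonical email collides."""
    groups = {}
    for uid, mail in db.execute("SELECT id, mail FROM users ORDER BY id"):
        groups.setdefault(canonical_email(mail), []).append(uid)
    return [ids for ids in groups.values() if len(ids) > 1]

if __name__ == "__main__":
    weak = make_db(hardened=False)
    for m in ("alice@example.com", "Alice@Example.com"):  # constructed sample input
        print(m, "accepted:", register_naive(weak, m))
    print("colliding account ids:", duplicate_groups(weak))
```

Running `duplicate_groups` against existing accounts before creating the unique index shows which rows must be reconciled first, since the index creation fails while collisions remain.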


Remediation

Install updates from vendor's website.
