Vulnerability Details CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.7%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-3531
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:2.0.0
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:3.0.0
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:7.x-1.0
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:7.x-1.1
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:7.x-1.2
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:7.x-1.3
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:8.x-1.0
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:8.x-1.1
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:8.x-1.2
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:8.x-1.3
-
cpe:2.3:a:bojanz:openid_connect_/_oauth_client:8.x-1.4