Bug 2451945 (CVE-2026-3531)
| Summary: | CVE-2026-3531 drupal: OpenID Connect / OAuth client: Drupal OpenID Connect / OAuth client: Authentication Bypass via an alternate path or channel | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Drupal OpenID Connect / OAuth client. This authentication bypass vulnerability allows an attacker to bypass authentication by using an alternate path or channel. This can lead to unauthorized access to resources or functionalities protected by the authentication mechanism.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2451975, 2451976 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-26 21:03:20 UTC
|