CVE-2026-48611

Published: Jun 12, 2026Modified: Jun 12, 2026Deferred

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: support@hackerone.com (Secondary)

Description

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://www.phpbb.com/community/viewtopic.php?t=2672170

Source: support@hackerone.com

Timeline

No history available yet.