{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3531", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-03-04T16:42:00.011Z", "datePublished": "2026-03-26T20:03:48.873Z", "dateUpdated": "2026-03-30T14:54:51.550Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:03:48.873Z"}, "title": "OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026", "datePublic": "2026-03-04T18:02:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"vendor": "Drupal", "product": "OpenID Connect / OAuth client", "collectionURL": "https://www.drupal.org/project/openid_connect", "repo": "https://git.drupalcode.org/project/openid_connect", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-026"}], "credits": [{"lang": "en", "value": "Kimberley Massey (kimberleycgm)", "type": "finder"}, {"lang": "en", "value": "Kimberley Massey (kimberleycgm)", "type": "remediation developer"}, {"lang": "en", "value": "Philip Frilling (pfrilling)", "type": "remediation developer"}, {"lang": "en", "value": "Damien McKenna (damienmckenna)", "type": "coordinator"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:38:46.522051Z", "id": "CVE-2026-3531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:54:51.550Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T14:38:46.522051Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:39:17.218Z"}}], "cna": {"title": "OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Kimberley Massey (kimberleycgm)"}, {"lang": "en", "type": "remediation developer", "value": "Kimberley Massey (kimberleycgm)"}, {"lang": "en", "type": "remediation developer", "value": "Philip Frilling (pfrilling)"}, {"lang": "en", "type": "coordinator", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/openid_connect", "vendor": "Drupal", "product": "OpenID Connect / OAuth client", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/openid_connect", "defaultStatus": "unaffected"}], "datePublic": "2026-03-04T18:02:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-026"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:03:48.873Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3531", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:54:51.550Z", "dateReserved": "2026-03-04T16:42:00.011Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-26T20:03:48.873Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bojanz:openid_connect_\\/_oauth_client:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "4659C484-D955-4875-A0CC-3EF717150D8A", "versionEndExcluding": "8.x-1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n usando una ruta o canal alternativo en el cliente Drupal OpenID Connect / OAuth permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta al cliente OpenID Connect / OAuth: desde 0.0.0 anterior a 1.5.0."}], "id": "CVE-2026-3531", "lastModified": "2026-04-01T16:14:15.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T21:17:09.283", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-026"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "OpenID Connect / OAuth client", "source": "cna", "vendor": "Drupal"}, "product": "openid", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-02T05:24:29.247573+00:00", "value": {"mitigation_remediation": ["Apply the latest patch by upgrading the OpenID Connect / OAuth client module to version 1.5.0 or newer", "If a quick upgrade is not feasible, disable or remove the module to eliminate the attack surface", "Confirm that no alternate authentication paths remain active after removal or disabling", "Continuously monitor authentication logs for suspicious activity or repeated bypass attempts"], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "Drupal site owners using the OpenID Connect / OAuth client module in any version released before 1.5.0, including the initial 0.0.0 releases, are affected. Upgrading to 1.5.0 or later resolves the issue.", "description_and_impact": "An attacker can gain access to a Drupal site without valid credentials by exploiting an alternate authentication path or channel within the OpenID Connect / OAuth client module. The flaw allows unauthorized users to impersonate legitimate accounts and potentially reach restricted or administrative functions.", "risk_and_exploitability": "The vulnerability carries a severity score of 6.5, indicating moderate risk. Exploitation likelihood is reported to be below one percent, and it has not been recorded in the known exploited vulnerabilities catalog. An attacker would most likely reach the vulnerable endpoint via a web request, so remote exploitation through the exposed OAuth client is possible and could lead to privilege escalation if left unpatched."}}}}, "created": "2026-03-27T08:32:13.639348+00:00", "updated": "2026-04-02T07:56:25.963705+00:00", "vendors": ["drupal", "drupal$PRODUCT$openid"]}