{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3532", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-03-04T16:42:01.310Z", "datePublished": "2026-03-26T20:04:03.160Z", "dateUpdated": "2026-03-27T13:53:59.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:04:03.160Z"}, "title": "OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027", "datePublic": "2026-03-04T18:02:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-178", "description": "CWE-178 Improper Handling of Case Sensitivity", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Drupal", "product": "OpenID Connect / OAuth client", "collectionURL": "https://www.drupal.org/project/openid_connect", "repo": "https://git.drupalcode.org/project/openid_connect", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-027"}], "credits": [{"lang": "en", "value": "Eric Smith (ericgsmith)", "type": "finder"}, {"lang": "en", "value": "Philip Frilling (pfrilling)", "type": "remediation developer"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T13:53:56.616725Z", "id": "CVE-2026-3532", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:53:59.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Eric Smith (ericgsmith)"}, {"lang": "en", "type": "remediation developer", "value": "Philip Frilling (pfrilling)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/openid_connect", "vendor": "Drupal", "product": "OpenID Connect / OAuth client", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/openid_connect", "defaultStatus": "unaffected"}], "datePublic": "2026-03-04T18:02:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-027"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-178", "description": "CWE-178 Improper Handling of Case Sensitivity"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:04:03.160Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3532", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T13:53:56.616725Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-27T13:53:51.431Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-3532", "state": "PUBLISHED", "dateUpdated": "2026-03-26T20:04:03.160Z", "dateReserved": "2026-03-04T16:42:01.310Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-26T20:04:03.160Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bojanz:openid_connect_\\/_oauth_client:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "4659C484-D955-4875-A0CC-3EF717150D8A", "versionEndExcluding": "8.x-1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0."}, {"lang": "es", "value": "Vulnerabilidad de manejo incorrecto de la sensibilidad a may\u00fasculas y min\u00fasculas en el cliente Drupal OpenID Connect / OAuth permite la escalada de privilegios. Este problema afecta al cliente OpenID Connect / OAuth: desde la 0.0.0 anterior a la 1.5.0."}], "id": "CVE-2026-3532", "lastModified": "2026-04-01T16:14:44.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T21:17:09.420", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-027"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-178"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "OpenID Connect / OAuth client", "source": "cna", "vendor": "Drupal"}, "product": "openid", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-02T05:23:53.115699+00:00", "value": {"mitigation_remediation": ["Upgrade the Drupal OpenID Connect / OAuth client module to version\u202f1.5.0 or newer.", "If an upgrade cannot be performed immediately, limit access to privileged roles until the patch is applied.", "Monitor Drupal security advisories and vendor announcements for additional guidance."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Drupal sites that use the OpenID Connect / OAuth client module versions older than 1.5.0 are affected. The vulnerability applies to all releases from the initial 0.0.0 up to, but not including, 1.5.0.", "description_and_impact": "The Drupal OpenID Connect / OAuth client module contains an improper handling of case sensitivity that allows an attacker to bypass authentication checks. This flaw is a CWE\u2011178 violation and can be exploited to attain privileges higher than those originally granted. As a result, an attacker controlling authentication requests can achieve privilege escalation on a Drupal site.", "risk_and_exploitability": "The CVSS base score of 4.2 indicates a moderate severity, and the EPSS score of less than 1\u202f% suggests that exploitation is unlikely. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need to manipulate the authentication flow of the OAuth client, likely by sending requests that differ only in case, to trigger the bypass. Because the flaw lies in the client\u2019s input processing, exploitation requires access to the identity provider integration or direct control over the module\u2019s authentication inputs, which limits the scope of potential attacks."}}}}, "created": "2026-03-27T08:32:12.653900+00:00", "updated": "2026-04-02T07:56:25.071772+00:00", "vendors": ["drupal", "drupal$PRODUCT$openid"]}