Drupal OpenID Connect/OAuth Client Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Drupal OpenID Connect/OAuth client, specifically in versions prior to 1.5.0. This vulnerability allows attackers to bypass authentication mechanisms, potentially leading to unauthorized access.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to gain access to resources or functionalities that require authentication.

Added: Mar 26, 2026, 9:53 PM

Updated: Mar 26, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal OpenID Connect/OAuth Client Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating