Drupal OpenID Connect/OAuth Client Improper Case Sensitivity Handling Vulnerability Allowing Privilege Escalation

Vulnerability

A privilege escalation vulnerability has been identified in the Drupal OpenID Connect/OAuth client, affecting versions prior to 1.5.0. The issue arises from improper handling of case sensitivity in email addresses, which allows a user to register with an address that differs from an existing user's only by letter case, potentially leading to data integrity issues. This vulnerability is categorized as an access bypass.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing users to gain elevated rights or access within the application.

Remediation

Users are advised to upgrade to OpenID Connect version 8.x-1.5. For those affected by this vulnerability, additional guidance is available on the Drupal.org page 'Fixing emails that vary only by case'.
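The following is an added illustration, not code from the Drupal module or the advisory: it contrasts a case-sensitive account lookup (the pattern the Vulnerability section describes) with one that compares normalized addresses, and adds the kind of collision check a site would run to find existing accounts whose emails vary only by case, as the Remediation section's guidance refers to. The user records and addresses are constructed sample data.

```python
def normalize_email(addr: str) -> str:
    """Canonical form used for comparison: trimmed and lowercased.

    Lowercasing the whole address is the conservative choice for
    deduplication; treating 'Alice@' and 'alice@' as different users is
    exactly what lets a second account be registered for the same person.
    """
    return addr.strip().lower()


def find_user_case_sensitive(users, email):
    """'Before' behaviour: exact string match, so a differently cased
    address is not recognised as an existing account."""
    for u in users:
        if u["mail"] == email:
            return u
    return None


def find_users_normalized(users, email):
    """Hardened lookup: match on the normalized address and return every
    hit, so the caller can notice an ambiguous (duplicated) account."""
    wanted = normalize_email(email)
    return [u for u in users if normalize_email(u["mail"]) == wanted]


def case_colliding_emails(users):
    """Audit helper: group existing accounts whose addresses differ only
    by case. Any group with more than one uid needs manual cleanup before
    the normalized lookup is switched on."""
    groups = {}
    for u in users:
        groups.setdefault(normalize_email(u["mail"]), []).append(u["uid"])
    return {mail: uids for mail, uids in groups.items() if len(uids) > 1}


# Constructed sample user table (hypothetical data, not from any site).
USERS = [
    {"uid": 1, "mail": "alice@example.com"},
    {"uid": 2, "mail": "Alice@Example.com"},  # duplicate varying only by case
    {"uid": 3, "mail": "bob@example.com"},
]

if __name__ == "__main__":
    print(find_user_case_sensitive(USERS, "ALICE@example.com"))  # None: not found
    print([u["uid"] for u in find_users_normalized(USERS, "ALICE@example.com")])
    print(case_colliding_emails(USERS))
```

Running the audit helper over a real user table before upgrading shows which accounts the normalized comparison would merge, which is the situation the linked Drupal.org guidance addresses.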

Added: Mar 26, 2026, 9:23 PM
Updated: Mar 26, 2026, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.