CVE-2026-3530
OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
4th
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
| CWE | CWE-918 |
| Vendor | drupal |
| Product | openid connect / oauth client |
| Ecosystems | |
| Industries | WebMedia |
| Published | Mar 26, 2026 |
| Last Updated | Mar 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal openid connect / oauth client
Be the first to know when new medium vulnerabilities affecting drupal openid connect / oauth client are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Drupal / OpenID Connect / OAuth client
0.0.0 < 1.5.0
Credits
Drew Webber (mcdruid) Drew Webber (mcdruid) Philip Frilling (pfrilling) Damien McKenna (damienmckenna) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)