CVE-2026-4587

LOW 3.7

HybridAuth SSL Curl.php certificate validation

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-295 CWE-287
Vendor	n/a
Product	hybridauth
Published	Mar 23, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for n/a hybridauth

Be the first to know when new low vulnerabilities affecting n/a hybridauth are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / HybridAuth

3.12.0 3.12.1 3.12.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352423 vuldb.com: https://vuldb.com/?ctiid.352423 vuldb.com: https://vuldb.com/?submit.775463 github.com: https://github.com/hybridauth/hybridauth/issues/1444 github.com: https://github.com/hybridauth/hybridauth/

Credits

🔍 jstyles (VulDB User)