CVE-2026-48611

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

CWE	CWE-287
Vendor	phpbb
Product	phpbb
Published	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for phpbb phpbb

Be the first to know when new critical vulnerabilities affecting phpbb phpbb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

phpBB / phpBB

3.3.0 ≤ 3.3.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

phpbb.com: https://www.phpbb.com/community/viewtopic.php?t=2672170