πŸ” CVE Alert

CVE-2026-48612

HIGH 8.0
CVSS Score
8.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover.

CWE CWE-352
Vendor phpbb
Product phpbb
Published Jun 12, 2026
Stay Ahead of the Next One

Get instant alerts for phpbb phpbb

Be the first to know when new high vulnerabilities affecting phpbb phpbb are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected Versions

phpBB / phpBB
3.3.0 ≀ 3.3.16

References

NVD β†— CVE.org β†— EPSS Data β†—
phpbb.com: https://www.phpbb.com/community/viewtopic.php?t=2672170