CVE-2026-3530
MEDIUMOpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
Title source: cnaDescription
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
References (1)
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
9.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
bojanz/openid_connect_\/_oauth_client
< 8.x-1.5
Drupal/OpenID Connect / OAuth client
0.0.0 - 1.5.0
Published
Mar 26, 2026
Tracked Since
Mar 27, 2026