CVE-2026-3531 | OpenID Connect OAuth client up to 1.4.x on Drupal authentication bypass (sa-contrib-2026-026)

A vulnerability was found in OpenID Connect OAuth client up to 1.4.x on Drupal. It has been declared as critical. This impacts an unknown function. Executing a manipulation can lead to authentication bypass using alternate channel.

This vulnerability appears as CVE-2026-3531. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More