CVE-2026-3532

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2026-027	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:bojanz:openid_connect_\/_oauth_client:*:*:*:*:*:drupal:*:*

History

01 Apr 2026, 16:14

Type	Values Removed	Values Added
References	~~() https://www.drupal.org/sa-contrib-2026-027 -~~	() https://www.drupal.org/sa-contrib-2026-027 - Vendor Advisory
CPE		cpe:2.3:a:bojanz:openid_connect_\/_oauth_client::::::drupal::*
First Time		Bojanz openid Connect \/ Oauth Client Bojanz

27 Mar 2026, 15:17

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de manejo incorrecto de la sensibilidad a mayúsculas y minúsculas en el cliente Drupal OpenID Connect / OAuth permite la escalada de privilegios. Este problema afecta al cliente OpenID Connect / OAuth: desde la 0.0.0 anterior a la 1.5.0.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.2

26 Mar 2026, 21:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 21:17

Updated : 2026-04-01 16:14

NVD link : CVE-2026-3532

Mitre link : CVE-2026-3532

CVE.ORG link : CVE-2026-3532

JSON object : View

Products Affected

bojanz

openid_connect_\/_oauth_client

CWE

CWE-178

Improper Handling of Case Sensitivity

4.2 /10