Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Affected Products

Vendor	Product	Versions
Drupal	OpenID Connect OAuth client	1.4.x

References

https://www.drupal.org/sa-contrib-2026-026

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-3531 | OpenID Connect OAuth client up to 1.4.x on Drupal authentication bypass (sa-contrib-2026-026)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-288

Published3/26/2026

Last enriched26m agov2

Trending Score20

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 26m ago

v2Tier C26m ago

Updated vendor to Drupal, product to OpenID Connect OAuth client, affected versions to 1.4.x, severity to CRITICAL, and patch available to version 1.5.0.

vendorproductaffectedVersionspatchAvailable

via VulDB

v12h ago

Initial creation