CVE-2026-48611

EUVD-2026-36375
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| hackerone | CNA | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
| --- | --- | --- | --- |
| phpbb | phpbb | 3.3.0 ≤ x ≤ 3.3.16 | CNA |