CVE-2026-48611NVD

Vulnerability Summary

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Severity Level

CRITICAL(9.8)

Published Date

Jun 12, 2026

Last Modified

Jun 12, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-287: Improper Authentication ↗

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVSS v3.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.phpbb.com/community/viewtopic.php?t=2672170

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-48611NVD

Vulnerability Summary

External References