SSRF in Drupal Openid Connect / Oauth Client

CVE-2026-3530

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (12.2th percentile) — read the EPSS interpretation.

Affected products

Drupal Openid Connect / Oauth Client — versions 0.0.0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

www.drupal.org/sa-contrib-2026-025