Vulnerability in Drupal Openid Connect / Oauth Client

CVE-2026-3531

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

EPSS: 0.001 (23.4th percentile) — read the EPSS interpretation.

Affected products

Drupal Openid Connect / Oauth Client — versions 0.0.0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

www.drupal.org/sa-contrib-2026-026