CVE-2026-48611

Summary

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Affected Software

VendorProductVersion RangeStatus
phpBBphpBB3.3.0 <= 3.3.16affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References