CVE-2026-48611
9.8 CRITICALImproper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-287
Description
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40995 — X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, ... (5.4 MEDIUM)
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-46705 — Russh is a Rust SSH client & server library (5.3 MEDIUM)
- CVE-2022-48575 — A person with access to a Mac may be able to bypass Login Window (3.5 LOW)
- CVE-2026-45567 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (8.3 HIGH)