CVE-2026-48611

Published Jun 12, 2026

Last updated 4 days ago

CVSS critical 9.8

Overview

Description
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
Source
support@hackerone.com
NVD status
Deferred

Risk scores

CVSS 3.0

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

support@hackerone.com
CWE-287

Social media

Hype score
Not currently trending

  1. 🚨*CVE* CVE-2026-48611 Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in defa… https://t.co/NKtWaqt5v5 ----- Traducción: CVE-2026-48611 Ver… https://t.co/utmtNg

    @infoflowcloud

    12 Jun 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.