CVE-2026-3532
Received
Received - Intake
Case Sensitivity Flaw in Drupal OpenID Connect Enables Privilege Escalation
Publication date: 2026-03-26
Last updated on: 2026-04-01
Assigner: Drupal.org
Description
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bojanz | openid_connect_/_oauth_client | to 8.x-1.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-178 | The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Handling of Case Sensitivity issue in the Drupal OpenID Connect / OAuth client. It allows privilege escalation, meaning an attacker could gain higher access rights than intended by exploiting how the system handles case sensitivity.
How can this vulnerability impact me?
The impact of this vulnerability is privilege escalation. An attacker exploiting this flaw could gain unauthorized elevated privileges within the Drupal OpenID Connect / OAuth client, potentially compromising the security and integrity of the affected system.