Skip to main content

Openid Connect Oauth Client CVE-2026-3530

| EUVDEUVD-2026-16385 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-26 drupal GHSA-2mq5-fr5w-rr29
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 20:31 euvd
EUVD-2026-16385
Analysis Generated
Mar 26, 2026 - 20:31 vuln.today
CVE Published
Mar 26, 2026 - 20:03 nvd
MEDIUM 4.3

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

AnalysisAI

The Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability that allows remote attackers to make arbitrary HTTP requests from the affected server. This vulnerability affects all installations running OpenID Connect / OAuth client versions 0.0.0 through 1.5.0, and attackers can leverage the SSRF to access internal services, retrieve sensitive metadata, or interact with backend systems not directly accessible from the internet. No public exploit code or active exploitation has been confirmed at the time of analysis, though the vulnerability affects a widely-deployed Drupal authentication module.

Technical ContextAI

The OpenID Connect / OAuth client module for Drupal (CPE: cpe:2.3:a:drupal:openid_connect_/_oauth_client:*:*:*:*:*:*:*:*) implements authentication integration with external identity providers via the OpenID Connect and OAuth 2.0 protocols. The vulnerability is classified as CWE-918 (Server-Side Request Forgery), which occurs when the application fails to properly validate or restrict HTTP requests initiated by the server itself. In the context of OAuth/OIDC implementations, SSRF typically arises when the module constructs redirect URIs, fetches metadata from issuer endpoints, or validates tokens without adequately sanitizing user-controlled input or enforcing strict network policy controls. This allows an attacker to manipulate the module into requesting resources from arbitrary URLs, including internal network addresses or metadata endpoints.

RemediationAI

Upgrade the Drupal OpenID Connect / OAuth client module to version 1.5.0 or later, which contains the security fix for this SSRF vulnerability. Visit the module's project page on Drupal.org and download the patched release, then apply the update via Drupal's module update mechanism or manual file replacement. Consult the official advisory at https://www.drupal.org/sa-contrib-2026-025 for detailed upgrade instructions. As an interim measure on systems where immediate patching is not feasible, restrict outbound network access from the Drupal server using host-based firewalls or network segmentation to limit the impact of any successful SSRF exploit, and disable the OpenID Connect / OAuth client module if authentication can be temporarily managed through alternative methods. Additionally, monitor Drupal access logs for unusual redirect URI patterns or requests to internal IP ranges that may indicate exploitation attempts.

Share

CVE-2026-3530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy