Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.
AnalysisAI
The Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability that allows remote attackers to make arbitrary HTTP requests from the affected server. This vulnerability affects all installations running OpenID Connect / OAuth client versions 0.0.0 through 1.5.0, and attackers can leverage the SSRF to access internal services, retrieve sensitive metadata, or interact with backend systems not directly accessible from the internet. No public exploit code or active exploitation has been confirmed at the time of analysis, though the vulnerability affects a widely-deployed Drupal authentication module.
Technical ContextAI
The OpenID Connect / OAuth client module for Drupal (CPE: cpe:2.3:a:drupal:openid_connect_/_oauth_client:*:*:*:*:*:*:*:*) implements authentication integration with external identity providers via the OpenID Connect and OAuth 2.0 protocols. The vulnerability is classified as CWE-918 (Server-Side Request Forgery), which occurs when the application fails to properly validate or restrict HTTP requests initiated by the server itself. In the context of OAuth/OIDC implementations, SSRF typically arises when the module constructs redirect URIs, fetches metadata from issuer endpoints, or validates tokens without adequately sanitizing user-controlled input or enforcing strict network policy controls. This allows an attacker to manipulate the module into requesting resources from arbitrary URLs, including internal network addresses or metadata endpoints.
RemediationAI
Upgrade the Drupal OpenID Connect / OAuth client module to version 1.5.0 or later, which contains the security fix for this SSRF vulnerability. Visit the module's project page on Drupal.org and download the patched release, then apply the update via Drupal's module update mechanism or manual file replacement. Consult the official advisory at https://www.drupal.org/sa-contrib-2026-025 for detailed upgrade instructions. As an interim measure on systems where immediate patching is not feasible, restrict outbound network access from the Drupal server using host-based firewalls or network segmentation to limit the impact of any successful SSRF exploit, and disable the OpenID Connect / OAuth client module if authentication can be temporarily managed through alternative methods. Additionally, monitor Drupal access logs for unusual redirect URI patterns or requests to internal IP ranges that may indicate exploitation attempts.
More in Openid Connect Oauth Client
View allDrupal OpenID Connect / OAuth client versions before 1.5.0 contain an authentication bypass vulnerability that allows at
Improper case sensitivity handling in the Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 allows pri
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16385
GHSA-2mq5-fr5w-rr29