Is PHP affected by CVE-2026-4587?

CVE-2026-4587 is a low-severity vulnerability in HybridAuth (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

CVE-2026-4587

EUVD-2026-14425 LOW

2026-03-23 VulDB

GHSA-r3hf-q3mf-7h6w

3.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 23, 2026 - 13:00 vuln.today

EUVD ID Assigned

Mar 23, 2026 - 13:00 euvd

EUVD-2026-14425

CVE Published

Mar 23, 2026 - 12:46 nvd

LOW 3.7

Description

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The project was informed of the problem early through an issue report but has not responded yet.

Analysis

HybridAuth versions up to 3.12.2 contain an improper certificate validation vulnerability in the SSL Handler component (src/HttpClient/Curl.php) where manipulation of curlOptions arguments bypasses SSL/TLS certificate verification. This affects any application using HybridAuth for authentication, allowing attackers to conduct man-in-the-middle attacks against remote authentication flows. …

Remediation

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +18

POC: 0

CVE-2026-4587 vulnerability details – vuln.today

Back

CVE-2026-4587

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-4587

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code