CVE Catalog

CVE-2026-48611

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.08%

23th percentile — higher than 23% of all known CVEs

Summary

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations.

Risk Assessment

Organizations may be exposed to unauthorized access to user accounts, potentially resulting in data loss or privacy breaches.

Recommendation

It is recommended to review and enhance authentication mechanisms and monitor user account access to minimize the risk of account hijacking.

Original NVD description (English source)

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS