CVE Catalog
CVE-2026-48611
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.08%
23th percentile — higher than 23% of all known CVEs
Summary
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations.
Risk Assessment
Organizations may be exposed to unauthorized access to user accounts, potentially resulting in data loss or privacy breaches.
Recommendation
It is recommended to review and enhance authentication mechanisms and monitor user account access to minimize the risk of account hijacking.
Original NVD description (English source)
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

