CVE Catalog

CVE-2026-58422

Low risk · EPSS 0.16% (6th percentile)
Published: (date not shown) · Source: NVD (NIST)

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

An improper authorization flaw in the OAuth sign-in callback silently re-enables accounts that an administrator has disabled. A disabled user who can still authenticate at the OAuth provider regains access, and the administrator's access-control decision is reversed without any notice.

Risk Assessment

The organization loses control over disabled accounts: an account that was disabled because of offboarding, compromise or policy can be reactivated simply by signing in through OAuth and reused for unauthorized access, increasing the risk of security breaches and data loss.

Recommendation

Update to a patched version as soon as one is available. Until then, either disable OAuth sign-in or add an explicit check of the local account's disabled status in the callback, before any session is issued, and review accounts that were re-enabled without administrator action for sign-ins after they were disabled.
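The following is an added illustration of the bug pattern and of the check recommended above; it is not code from any affected product (the advisory names none). The in-memory user store, the claim names `email` and `sub`, and the function names are all hypothetical. The vulnerable callback "upserts" the local record from the provider's verified identity and overwrites the admin-controlled `disabled` flag; the hardened callback resolves the user, checks that flag before issuing a session, and never writes admin-controlled fields from a login flow.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Added illustrative example; the store, claims and names below are hypothetical.


class AccountDisabled(Exception):
    """Raised when a disabled account attempts to sign in."""


class ProviderMismatch(Exception):
    """Raised when the provider subject does not match the existing local account."""


@dataclass
class User:
    email: str
    provider_sub: str          # subject identifier issued by the OAuth provider
    disabled: bool = False     # set only by an administrator
    sessions: List[str] = field(default_factory=list)


class UserStore:
    """Minimal in-memory stand-in for the application's user table."""

    def __init__(self) -> None:
        self._by_email: Dict[str, User] = {}

    def get(self, email: str) -> Optional[User]:
        return self._by_email.get(email)

    def add(self, user: User) -> User:
        self._by_email[user.email] = user
        return user


def _issue_session(user: User) -> str:
    token = secrets.token_urlsafe(32)
    user.sessions.append(token)
    return token


def oauth_callback_vulnerable(store: UserStore, claims: dict) -> str:
    """Bug pattern: 'upsert on login' treats the provider's verified claims as
    authoritative for the whole local record, including the disabled flag."""
    user = store.get(claims["email"])
    if user is None:
        user = store.add(User(email=claims["email"], provider_sub=claims["sub"]))
    user.provider_sub = claims["sub"]
    user.disabled = False  # silently re-enables an administrator-disabled account
    return _issue_session(user)


def oauth_callback_hardened(store: UserStore, claims: dict) -> str:
    """Fix: check local account status after resolving the user and before
    issuing a session; admin-controlled fields are never written here."""
    user = store.get(claims["email"])
    if user is None:
        user = store.add(User(email=claims["email"], provider_sub=claims["sub"]))
    if user.disabled:
        # Refuse with a generic message so the flow does not reveal that the
        # account exists but is locked.
        raise AccountDisabled("sign-in refused")
    if user.provider_sub != claims["sub"]:
        # An existing local account must not be silently re-bound to a different
        # provider identity; that is an account-linking decision, not a login.
        raise ProviderMismatch("provider identity does not match local account")
    return _issue_session(user)
```

In a real application the `disabled` check belongs in the one place every sign-in path converges (the session-issuing code), so that password, OAuth and SSO callbacks cannot drift apart again.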

Original NVD description (English source)

Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

Vulnerability data from NVD (NIST) · CISA KEV · EPSS