CVE-2026-48611 | THREATINT – Canadian Cyber Watch

Description

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

PUBLISHED Reserved 2026-05-22 | Published 2026-06-12 | Updated 2026-06-12 | Assigner hackerone

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-287 Improper Authentication – Generic

Product status

Default status
unaffected

3.3.0 (semver)
affected

References

www.phpbb.com/community/viewtopic.php?t=2672170

cve.org (CVE-2026-48611)

nvd.nist.gov (CVE-2026-48611)

Download JSON

Source link

What's Hot

CIS Controls Community Volunteer Spotlight: Diego Bolatti

Infosec News Nuggets — June 12, 2026 – AboutDFIR – The Definitive Compendium Project

From Canary Intelligence to C2 – Mapping an Attack Fleet with Target Intelligence | Blog

CISA Adds One Known Exploited Vulnerability to Catalog

FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Catchy & Intriguing

IP Address Investigations and Local OSINT

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular