PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48611 phpBB CVE debrief

CVE-2026-48611 is a critical vulnerability with a CVSS score of 9.8. The vulnerability is caused by improper authentication checks in the OAuth implementation, which allows account hijacking even when OAuth is not configured or enabled. This leads to unauthorized access in default installations.

Vendor: phpBB
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of affected installations, particularly those using default configurations, should be aware of this vulnerability and take immediate action to mitigate the risk.

Technical summary

The vulnerability is caused by improper authentication checks in the OAuth implementation. This allows account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by the vendor as soon as possible.
  • Review and configure OAuth settings to ensure they are properly set up and secured.
  • Monitor accounts for suspicious activity and implement additional security measures if necessary.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and vector.

Official resources

CVE-2026-48611 was published on 2026-06-12T04:17:08.180Z and modified on 2026-06-12T16:15:57.387Z.