Ghostwire

CVE-2026-48611: Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or...

CRITICAL CVSS 9.5

Published: June 12, 2026 | Last Modified: June 12, 2026

Description

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.tenable.com/cve/CVE-2026-48611
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-48611