{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3530", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-03-04T16:41:58.794Z", "datePublished": "2026-03-26T20:03:39.756Z", "dateUpdated": "2026-03-30T14:54:58.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:03:39.756Z"}, "title": "OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025", "datePublic": "2026-03-04T18:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "affected": [{"vendor": "Drupal", "product": "OpenID Connect / OAuth client", "collectionURL": "https://www.drupal.org/project/openid_connect", "repo": "https://git.drupalcode.org/project/openid_connect", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-025"}], "credits": [{"lang": "en", "value": "Drew Webber (mcdruid)", "type": "finder"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "remediation developer"}, {"lang": "en", "value": "Philip Frilling (pfrilling)", "type": "remediation developer"}, {"lang": "en", "value": "Damien McKenna (damienmckenna)", "type": "coordinator"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:37:28.152591Z", "id": "CVE-2026-3530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:54:58.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T14:37:28.152591Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:37:48.826Z"}}], "cna": {"title": "OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "Philip Frilling (pfrilling)"}, {"lang": "en", "type": "coordinator", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/openid_connect", "vendor": "Drupal", "product": "OpenID Connect / OAuth client", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.5.0", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/openid_connect", "defaultStatus": "unaffected"}], "datePublic": "2026-03-04T18:00:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-025"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.", "supportingMedia": [{"type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.<p>This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-26T20:03:39.756Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3530", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:54:58.296Z", "dateReserved": "2026-03-04T16:41:58.794Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-26T20:03:39.756Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en el cliente Drupal OpenID Connect / OAuth permite la falsificaci\u00f3n de petici\u00f3n del lado del servidor. Este problema afecta al cliente OpenID Connect / OAuth: desde 0.0.0 anterior a 1.5.0."}], "id": "CVE-2026-3530", "lastModified": "2026-03-30T15:16:31.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T21:17:09.150", "references": [{"source": "mlhess@drupal.org", "url": "https://www.drupal.org/sa-contrib-2026-025"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "OpenID Connect / OAuth client", "source": "cna", "vendor": "Drupal"}, "product": "openid", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-03-26T22:35:43.326366+00:00", "value": {"mitigation_remediation": ["Update the OpenID Connect / OAuth client to version 1.5.0 or later on all affected Drupal sites. If an immediate upgrade is not possible, disable or restrict the module\u2019s endpoints so that only trusted users can trigger the client. Monitor outbound traffic and review logs for unexpected HTTP requests originating from the module to detect potential SSRF activity."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "Drupal sites that have installed the OpenID Connect / OAuth client in any version from 0.0.0 up to, but not including, 1.5.0 are exposed. All instances of this module on affected sites must be identified and remediated.", "description_and_impact": "The Drupal OpenID Connect / OAuth client contains a Server\u2011Side Request Forgery vulnerability that allows an attacker to trigger the module to make HTTP requests to arbitrary internal or external resources. This can lead to the disclosure of sensitive configuration information or support further exploitation of the target network. The weakness is classified as CWE\u2011918 and presents a potential confidentiality and integrity threat for any site using the affected module.", "risk_and_exploitability": "No publicly documented CVSS score or EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, an external attacker who can reach the OpenID Connect endpoints of the Drupal site can craft a request that causes the module to reach arbitrary internal services. The risk is moderate but significant, especially for sites that expose the client to untrusted traffic and have no network segmentation in place. There is no known public exploit, but the attack surface is remote and the impact can be severe if internal networks are accessed."}}}}, "created": "2026-03-27T08:32:14.543355+00:00", "updated": "2026-03-27T09:23:43.155519+00:00", "vendors": ["drupal", "drupal$PRODUCT$openid"]}