CVE-2026-48611
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48611
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48611
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48611
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48611 (1)
Same Patch Batch · phpBB · 2026-06-12 · 4 CVEs total
| CVE-2026-47366 | BBPress ACP权限验证缺陷致提权 | |
| CVE-2026-48613 | phpBB <3.3.11 迁移漏洞导致SQL注入 | |
| CVE-2026-48612 | OAuth状态验证不当致账号接管 |
IV. Related Vulnerabilities
Same weakness: CWE-287
- CVE-2026-48780
Forem vulnerable to bypass of email address domain restricti - CVE-2026-12183
BUK TS-G系统2.9.1-2.10.2认证漏洞 - CVE-2026-50623
Apache CXF: Authentication Bypass in OAuth2 TokenIntrospecti - CVE-2026-40995
X.509 authentication bypasses Spring Security account checks - CVE-2026-46705
russh server userauth state is not reset when authentication
V. Comments for CVE-2026-48611
No comments yet