Drupal OIDC/OAuth Client <=1.4 Privilege Escalation via Case Sensitivity: CVE-2026-3532 March 2026

OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Vulnerability Analysis

CVE-2026-3532 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Improper Handling of Case Sensitivity

The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Affected Versions

Exploit Probability

EPSS

0.03%

Percentile

7.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Drupal OIDC/OAuth Client <=1.4 Privilege Escalation via Case SensitivityCVE-2026-3532 Published on March 26, 2026

Vulnerability Analysis

Weakness Type

Improper Handling of Case Sensitivity

Affected Versions

Exploit Probability

Drupal OIDC/OAuth Client <=1.4 Privilege Escalation via Case Sensitivity
CVE-2026-3532 Published on March 26, 2026