CVE-2026-48612

8HIGH

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-48612?

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover.

Affected Version(s)

phpBB 3.3.0 <= 3.3.16

References

https://www.phpbb.com/community/viewtopic.php?t=2672170

CVSS V3.0

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
May 22, 2026

CVE-2026-48612 Data

JSON

PHPbb

What is CVE-2026-48612?

Affected Version(s)

References

CVSS V3.0

Timeline