OAuth Implementation Vulnerability in phpBB by phpBB Group
CVE-2026-48612
8HIGH
What is CVE-2026-48612?
An improper state verification vulnerability in the OAuth implementation of phpBB can be exploited by malicious actors to manipulate the authentication flow. This allows an attacker to link a victim’s account with their own, leading to unauthorized account linking and significantly increasing the risk of account takeover. It is crucial for users of phpBB to ensure their installations are updated to mitigate these risks.
Affected Version(s)
phpBB 3.3.0 <= 3.3.16
