critical

Improper OAuth authentication checks in phpBB allow account hijacking (CVE-2026-48611)

critical-cve-against-dependency · active

A critical flaw in phpBB's OAuth implementation allows attackers to hijack accounts and gain unauthorized access, even on default installations where OAuth is not configured or enabled.

Affected packages

Sources