Skip to content

CVE lookup

CVE-2026-48611

Pruva has a verified reproduction for CVE-2026-48611: phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache. The canonical evidence record is REPRO-2026-00223.

REPRO

REPRO-2026-00223

Package

phpbb/phpbb · github

Severity

CRITICAL

Status

published