CVE lookup
CVE-2026-48611
Pruva has a verified reproduction for CVE-2026-48611: phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache. The canonical evidence record is REPRO-2026-00223.
REPRO
REPRO-2026-00223
Package
phpbb/phpbb · github
Severity
CRITICAL
Status
published