CVE-2026-3532

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain user fields depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues.

Vulnerabilidad de manejo incorrecto de la sensibilidad a mayúsculas y minúsculas en el cliente Drupal OpenID Connect / OAuth permite la escalada de privilegios. Este problema afecta al cliente OpenID Connect / OAuth: desde la 0.0.0 anterior a la 1.5.0.