CVE-2026-3532 PUBLISHED

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

• Eric Smith (ericgsmith) finder
• Philip Frilling (pfrilling) remediation developer
• Greg Knaddison (greggles) coordinator
• Drew Webber (mcdruid) coordinator
• Juraj Nemec (poker10) coordinator

• https://www.drupal.org/sa-contrib-2026-027

• CWE-178 Improper Handling of Case Sensitivity CWE

• CAPEC-233 Privilege Escalation