CVE-2026-58422
Risk: Low · EPSS: 6% (6th percentile, higher than 6% of all known CVEs)
Summary
An improper authorization vulnerability in the OAuth sign-in callback silently re-enables accounts that an administrator has disabled: a disabled user who can still authenticate at the identity provider is reactivated simply by completing the OAuth sign-in flow. This bypasses the administrator's access-control decision without the administrator's knowledge.
Risk Assessment
Disabling an account is no longer an effective revocation. A disabled user, or anyone holding that user's identity-provider credentials, can restore access by signing in through OAuth, so the organization loses control over disabled accounts and they remain available for unauthorized use, increasing the risk of security breaches and data loss. Because the re-enablement is silent, administrators have no indication that the control they applied has been undone.
Recommendation
Update to a patched version as soon as one is available. Until then, either disable OAuth sign-in or enforce account status independently of the OAuth callback: check the administrator-set disabled flag every time a session is issued, and make sure the provider-login path never writes to that flag. It is also worth reviewing accounts that were disabled but are now active, since any such account may already have been re-enabled through this path.
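The following added example illustrates the flaw class described in the summary and the check recommended above. It is hypothetical code written for this page, not the affected product's code: the user store, the `User` record, the identity-provider profile and the callback functions are all assumed. The vulnerable callback upserts the user from the provider profile and in doing so overwrites the administrator's disabled flag; the hardened callback treats the provider assertion as proof of identity only, reads the flag, never writes it, and refuses the sign-in while the account is disabled.

```python
"""Illustration of the flaw class behind CVE-2026-58422: an OAuth sign-in
callback that upserts the user record and, in doing so, clears the
administrator's 'disabled' flag. Hypothetical code, not the affected product."""

from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    email: str
    provider_subject: str
    disabled: bool = False  # set by an administrator; must survive sign-ins


# Constructed in-memory user store standing in for the application's database.
USERS: Dict[str, User] = {}


def admin_disable(email: str) -> None:
    """Administrator action: disable the account (must not be undone by sign-in)."""
    USERS[email].disabled = True


def vulnerable_callback(profile: dict) -> Optional[User]:
    """Vulnerable pattern: the callback 'upserts' the user from the identity
    provider's profile and unconditionally writes disabled=False, so a disabled
    user who can still authenticate at the provider re-enables their own
    account just by signing in."""
    user = USERS.get(profile["email"])
    if user is None:
        user = User(email=profile["email"], provider_subject=profile["sub"])
    user.provider_subject = profile["sub"]
    user.disabled = False  # <-- the bug: administrator-set status is overwritten
    USERS[user.email] = user
    return user  # a session is issued for this user


def hardened_callback(profile: dict) -> Optional[User]:
    """Hardened pattern: the provider asserts identity, not authorization.
    Account status is owned by the administrator, so the callback reads it,
    never writes it, and refuses the sign-in while the account is disabled."""
    user = USERS.get(profile["email"])
    if user is None:
        # First sign-in provisions the record. Whether auto-provisioning is
        # allowed at all is a separate policy decision.
        user = User(email=profile["email"], provider_subject=profile["sub"])
        USERS[user.email] = user
        return user
    if user.provider_subject != profile["sub"]:
        # Same email, different provider subject: do not link the accounts.
        return None
    if user.disabled:
        # Deny without touching the flag. A disabled account presenting a
        # valid provider assertion is worth logging and alerting on.
        return None
    return user


def demo() -> dict:
    """Run both callbacks through the same scenario and report the outcome."""
    results = {}
    for name, callback in (("vulnerable", vulnerable_callback),
                           ("hardened", hardened_callback)):
        USERS.clear()
        # Constructed identity-provider profile for the example.
        profile = {"sub": "idp-1234", "email": "alice@example.test"}
        callback(profile)  # first sign-in provisions the account
        admin_disable("alice@example.test")
        session = callback(profile)  # the disabled user signs in again
        results[name] = {
            "login_succeeded": session is not None,
            "still_disabled": USERS["alice@example.test"].disabled,
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} login_succeeded={outcome['login_succeeded']} "
              f"still_disabled={outcome['still_disabled']}")
```

Running `demo()` shows the difference: with the vulnerable callback the second sign-in succeeds and the stored record is active again, while with the hardened callback the sign-in is refused and the disabled flag is untouched. The same principle applies to any "sync user from provider" step: fields that encode an administrator's decision must be excluded from whatever the sign-in path writes.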
Original NVD description (English source)
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts

