PT-2026-28676 · Drupal · Drupal

Andre Groendijk

+4

·

Publicado

2026-03-11

·

Atualizado

2026-03-26

·

CVE-2026-4933

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Drupal versions prior to 1.7.0
Description An incorrect authorization issue exists in Drupal’s Unpublished Node Permissions, allowing forceful browsing. The problem relates to inconsistent access control for unpublished translated nodes. The module, designed to manage permissions for unpublished nodes per content type, does not consistently enforce these controls.
Recommendations Update to version 1.7.0 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2026-4933
DRUPAL-CONTRIB-2026-029

Produtos afetados

Drupal