PT-2026-5242 · Drupal · Drupal/Canvas
Alex Bronstein +5 · Published 2026-01-28 · Updated 2026-02-04 · CVE-2026-1553
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Canvas versions prior to 1.0.4
Description
The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages, potentially allowing unauthorized access. This is mitigated by the fact that content moderation is not enabled by default and archiving is not a feature of the module.
Recommendations
Update to Drupal Canvas version 1.0.4 or later.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Drupal/Canvas