Andrei Mateescu

**Name of the Vulnerable Software and Affected Versions** Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 **Description** The issue is an access bypass vulnerability in the Workspaces module of Drupal Core, which fails to properly check access permissions when switching workspaces. This could allow an attacker to access data without the correct permissions, potentially viewing content before it is intended to be seen. The vulnerability is mitigated by the fact that only sites with the experimental Workspaces module installed are affected. **Recommendations** For versions prior to 8.8.10, update to version 8.8.10 or later. For versions prior to 8.9.6, update to version 8.9.6 or later. For versions prior to 9.0.6, update to version 9.0.6 or later.