CVE-2026-0748

Name of the Vulnerable Software and Affected Versions Drupal versions 7.x-1.0 through 7.x-1.35

Description The Internationalization (i18n) module’s i18n node submodule in Drupal allows a user possessing both “Translate content” and “Administer content translations” permissions to view and attach unpublished nodes through the translation user interface and its autocomplete widget. This circumvents intended access controls, potentially disclosing unpublished node titles and IDs. The issue arises due to insufficient access checks when handling node translations.

Recommendations Update to a version beyond 7.x-1.35.