PT-2026-2978 · Drupal+2 · Group Invite+1
Greg Knaddison +3
Published: 2026-01-14 · Updated: 2026-02-04
CVE-2026-0944
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Group invite versions 0.0.0 through 2.3.8
Drupal Group invite versions 3.0.0 through 3.0.3
Drupal Group invite versions 4.0.0 through 4.0.3
Description
An improper check for unusual or exceptional conditions exists in the Group invite module, potentially allowing forceful browsing. The issue arises from insufficient access checks under specific circumstances, which could allow unauthorized users to access group content. This is mitigated by the fact that the vulnerability only occurs when uncommon actions are taken by a user with permission to create group invites.
Recommendations
Update Drupal Group invite to version 2.3.9 or later.
Update Drupal Group invite to version 3.0.4 or later.
Update Drupal Group invite to version 4.0.4 or later.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Group Invite
Drupal/Ginvite