PT-2026-5205 · Drupal · Drupal Disable Login Page
Anoop John
+7
·
Published
2026-01-28
·
Updated
2026-02-06
·
CVE-2025-13986
CVSS v3.1
4.2
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Disable Login Page versions prior to 1.1.3
Description
An authentication bypass issue exists in Drupal Disable Login Page, allowing functionality bypass through an alternate path or channel. This allows attackers to circumvent login requirements.
Recommendations
Update Drupal Disable Login Page to version 1.1.3 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Disable Login Page