PT-2026-56659 · Drupal · Login Disable

Boris Doesborg

+2

·

Published

2026-07-08

·

Updated

2026-07-10

·

CVE-2026-15079

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal Login Disable versions 0.0.0 through 2.1.4
Description The Login Disable module, which restricts site access by requiring a secret key on the login form, does not sufficiently protect the form from brute force attacks. An attacker could potentially bypass this protection by guessing the secret key, depending on its length. This issue is partially mitigated because the attacker still requires a valid username and password to gain access.
Recommendations Update Drupal Login Disable to a version newer than 2.1.4 to enable flood control that blocks excessive authentication attempts.

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15079
DRUPAL-CONTRIB-2026-070

Affected Products

Login Disable