PT-2026-6544 · Drupal+1 · Login Disable+1
Boris Doesborg
+3
·
Published
2026-02-04
·
Updated
2026-03-25
·
CVE-2026-1917
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Login Disable versions prior to 2.1.3
Description
A flaw exists in the Login Disable module where the access key check is bypassed when using the HTTP request login route. This allows users to log in without providing the required access key, potentially compromising site security.
Recommendations
Update the Login Disable module to version 2.1.3 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Login Disable
Drupal Login Disable