CVE-2026-4933
Received
Received - Intake
Incorrect Authorization in Drupal Unpublished Node Permissions Allows Access
Publication date: 2026-03-26
Last updated on: 2026-04-01
Assigner: Drupal.org
Description
Description
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeroenb | unpublished_node_permissions | to 8.x-1.7 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization issue in the Drupal Unpublished Node Permissions module. It allows Forceful Browsing, meaning an attacker can access unpublished content that should normally be restricted.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized users to view unpublished nodes or content in a Drupal site, potentially exposing sensitive or private information that was not intended to be publicly accessible.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70