Role Delegation
CVE-2026-0945
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
AnalysisAI
The Drupal Role Delegation module versions 1.3.0 through 1.5.0 contains an unsafe privilege definition vulnerability that permits authenticated users with delegation permissions to escalate their privileges within the application. An attacker with limited account access could exploit this flaw to gain elevated permissions and modify system settings or access restricted functionality. No patch is currently available for this vulnerability.
Technical ContextAI
Affects from 1.3.0. Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-267 – Privilege Defined With Unsafe Actions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today