Skip to main content

Localgov Workflows

1 CVEs product

Monthly

CVE-2026-10768 PHP CRITICAL PATCH Act Now

Missing authorization in the Drupal LocalGov Workflows contrib module (all versions 0.0.0 through 1.6.0, fixed in 1.6.0) lets remote attackers reach protected workflow-related routes through forceful browsing without proper permission checks. The flaw carries a vendor CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis. Affected sites are Drupal deployments running this LocalGov Drupal editorial-workflow module.

Authentication Bypass Localgov Workflows
NVD
CVSS 3.1
9.8
EPSS
0.1%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Missing authorization in the Drupal LocalGov Workflows contrib module (all versions 0.0.0 through 1.6.0, fixed in 1.6.0) lets remote attackers reach protected workflow-related routes through forceful browsing without proper permission checks. The flaw carries a vendor CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis. Affected sites are Drupal deployments running this LocalGov Drupal editorial-workflow module.

Authentication Bypass Localgov Workflows
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy