Skip to main content

Unpublished Node Permissions

1 CVEs product

Monthly

CVE-2026-4933 PHP HIGH PATCH This Week

Unpublished Node Permissions module for Drupal versions prior to 1.7.0 contains an incorrect authorization vulnerability (CWE-863) that permits forceful browsing of unpublished nodes by bypassing access controls. Attackers can view content that should be restricted to specific user roles by directly accessing node URLs, circumventing the module's permission enforcement logic. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Unpublished Node Permissions
NVD
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unpublished Node Permissions module for Drupal versions prior to 1.7.0 contains an incorrect authorization vulnerability (CWE-863) that permits forceful browsing of unpublished nodes by bypassing access controls. Attackers can view content that should be restricted to specific user roles by directly accessing node URLs, circumventing the module's permission enforcement logic. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Unpublished Node Permissions
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy