Skip to main content

Wisski

1 CVEs product

Monthly

CVE-2026-13239 PHP MEDIUM PATCH This Month

Missing authorization controls in Drupal WissKI versions prior to 4.2.0 enable unauthenticated remote attackers to perform forceful browsing - directly accessing restricted resources by guessing or enumerating URLs without undergoing proper authorization checks. The affected versions span the entire release history from 0.0.0 through 4.2.0, making all prior deployments vulnerable. SSVC assessment confirms no active exploitation at time of analysis, and the EPSS score of 0.13% (3rd percentile) suggests very low real-world exploitation probability despite the automatable nature of the attack.

Authentication Bypass Wisski
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing authorization controls in Drupal WissKI versions prior to 4.2.0 enable unauthenticated remote attackers to perform forceful browsing - directly accessing restricted resources by guessing or enumerating URLs without undergoing proper authorization checks. The affected versions span the entire release history from 0.0.0 through 4.2.0, making all prior deployments vulnerable. SSVC assessment confirms no active exploitation at time of analysis, and the EPSS score of 0.13% (3rd percentile) suggests very low real-world exploitation probability despite the automatable nature of the attack.

Authentication Bypass Wisski
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy