anonhaven
Ad

CVE-2026-0944

MEDIUM CVSS 3.1: 5.3 EPSS 0.04%
Updated Feb 05, 2026
Drupal
Parameter Value
CVSS 5.3 (MEDIUM)
Affected Versions before 2.3.9
Type CWE-754
Vendor Drupal
Public PoC No

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
Low
Частичная утечка данных
Integrity
None
Нет модификации данных
Availability
None
Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-754

References 1

https://www.drupal.org/sa-contrib-2026-001
mlhess@drupal.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1554

Drupal

4.2

CVE-2026-1553

Drupal

4.8

CVE-2026-0947

Drupal

4.8

CVE-2026-0946

Drupal

None

CVE-2026-0945

Drupal

None