CVE-2026-0945

NONE EPSS 0.01%

Feb 04, 2026

Updated Feb 05, 2026

Drupal

Parameter	Value
Affected Versions	before 1.5.0.
Type	CWE-267
Vendor	Drupal
Public PoC	No

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.

Weakness Type (CWE)

CWE-267

References 1

https://www.drupal.org/sa-contrib-2026-002

mlhess@drupal.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1554

Drupal

4.2

CVE-2026-1553

Drupal

4.8

CVE-2026-0947

Drupal

4.8

CVE-2026-0946

Drupal

None

CVE-2026-0944

Drupal

5.3

CVE Details

CVE ID

CVE-2026-0945

Published Date

Feb 04, 2026

Vendor

Drupal

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.01%

Likelihood of exploitation in next 30 days

Percentile: 0.9th percentile (higher than 0.9% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-0945

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1554

CVE-2026-1553

CVE-2026-0947

CVE-2026-0946

CVE-2026-0944

CVE Details

Editor's Choice