Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.
Problem types
CWE-288 Authentication Bypass Using an Alternate Path or Channel
Product status
0.0.0 (semver) before 1.2.10
1.3.0 (semver) before 1.3.6
1.4.0 (semver) before 1.4.3
1.5.0 (semver) before 1.5.1
1.6.0 (semver) before 1.6.4
Credits
Wojciech Kukowski (salmonek)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
Jess (xjm)
References
www.drupal.org/sa-contrib-2025-118