Home

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

PUBLISHED Reserved 2025-12-17 | Published 2026-01-28 | Updated 2026-01-28 | Assigner drupal

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status
unaffected

0.0.0 (semver) before 9.3.13
affected

10.0.0 (semver) before 10.0.2
affected

11.0.0 (semver) before 11.0.1
affected

Credits

mxh finder

Adriano Cori (aronne) remediation developer

mxh remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2025-126

cve.org (CVE-2025-14840)

nvd.nist.gov (CVE-2025-14840)

Download JSON