CVE-2026-0944 | THREATINT

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.

PUBLISHED Reserved 2026-01-14 | Published 2026-02-04 | Updated 2026-02-04 | Assigner drupal

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

unaffected

0.0.0 (semver) before 2.3.9

affected

3.0.0 (semver) before 3.0.4

affected

4.0.0 (semver) before 4.0.4

affected

Credits

Kevin Quillen (kevinquillen) finder

eduardo morales alberti remediation developer

Kevin Quillen (kevinquillen) remediation developer

Nikolay Lobachev (lobsterr) remediation developer

Ricardo Sanz Ante (tunic) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-001

cve.org (CVE-2026-0944)

nvd.nist.gov (CVE-2026-0944)

Download JSON