Home

Description

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2.

PUBLISHED Reserved 2026-06-24 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-863 Incorrect Authorization

Product status

0.0.0 (semver) before 3.0.2
affected

Credits

Bill Seremetis (bserem) finder

Alan Burke (alanburke) remediation developer

Bill Seremetis (bserem) remediation developer

Jaime Seuma (jaims-dev) remediation developer

Greg Knaddison (greggles) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-058

cve.org (CVE-2026-13238)

nvd.nist.gov (CVE-2026-13238)

Download JSON