Home

Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4.

PUBLISHED Reserved 2026-07-08 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

0.0.0 (semver) before 2.1.4
affected

Credits

Pierre Rudloff (prudloff) finder

Boris Doesborg (batigolix) remediation developer

Greg Knaddison (greggles) coordinator

Pierre Rudloff (prudloff) coordinator

References

www.drupal.org/sa-contrib-2026-070

cve.org (CVE-2026-15079)

nvd.nist.gov (CVE-2026-15079)

Download JSON