CVE-2026-8491 | THREATINT

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-19 | Updated 2026-05-20 | Assigner drupal

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

unaffected

0.0.0 (semver) before 1.7.0

affected

2.0.0 (semver) before 2.0.1

affected

Credits

Adam Shepherd (adamps) finder

BÃ¡lint Nagy (nagy.balint) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-034

cve.org (CVE-2026-8491)

nvd.nist.gov (CVE-2026-8491)

Download JSON