5.3
CVE-2026-0748
- EPSS 0.41%
- Veröffentlicht 26.03.2026 21:17:37
- Zuletzt bearbeitet 01.04.2026 16:22:14
- Quelle mlhess@drupal.org
- CVE-Watchlists
- Unerledigt
LoginAccess bypass in Drupal 7 i18n_node translation UI
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Internationalization Project ≫ Internationalization SwPlatformdrupal Version >= 7.x-1.0 <= 7.x-1.35
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.321 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| mlhess@drupal.org | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://www.herodevs.com/vulnerability-directory/cve-2026-0748
https://d7es.tag1.com/node/86
https://www.herodevs.com/vulnerability-directory/cve-2026-0748?nes-for-drupal-7