CVE-2026-0748

UNKNOWN 0.0

Access bypass in Drupal 7 i18n_node translation UI

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

9th

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.

CWE	CWE-284
Vendor	drupal
Product	internationalization (i18n) - i18n_node submodule
Ecosystems	PHP CMS
Industries	WebMedia
Published	Mar 26, 2026
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for drupal internationalization (i18n) - i18n_node submodule

Be the first to know when new unknown vulnerabilities affecting drupal internationalization (i18n) - i18n_node submodule are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Drupal / Internationalization (i18n) - i18n_node submodule

7.x-1.0 ≤ 7.x-1.35

References

NVD ↗ CVE.org ↗ EPSS Data ↗

herodevs.com: https://www.herodevs.com/vulnerability-directory/cve-2026-0748 d7es.tag1.com: https://d7es.tag1.com/node/86 herodevs.com: https://www.herodevs.com/vulnerability-directory/cve-2026-0748?nes-for-drupal-7

Credits

Tatár Balázs János (tatarbj)