๐Ÿ” CVE Alert

CVE-2026-10768

CRITICAL 9.8

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

CVSS Score
9.8
EPSS Score
0.1%
EPSS Percentile
4th

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0.

CWE CWE-862
Vendor drupal
Product localgov workflows
Ecosystems
Industries
WebMedia
Published Jul 10, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for drupal localgov workflows

Be the first to know when new critical vulnerabilities affecting drupal localgov workflows are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / LocalGov Workflows
0.0.0 < 1.6.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-039

Credits

Maria Young (maria.y) Finn Lewis (finn lewis) Rupert Jabelman (rupertj) Greg Knaddison (greggles) Dave Long (longwave) Juraj Nemec (poker10)