CVE-2026-4933

HIGH 7.5

Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

2th

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0.

CWE	CWE-863
Vendor	drupal
Product	unpublished node permissions
Ecosystems	PHP CMS
Industries	WebMedia
Published	Mar 26, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for drupal unpublished node permissions

Be the first to know when new high vulnerabilities affecting drupal unpublished node permissions are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Drupal / Unpublished Node Permissions

0.0.0 < 1.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

drupal.org: https://www.drupal.org/sa-contrib-2026-029

Credits

Andre Groendijk (groendijk) Fabien Gutknecht (fabsgugu) Greg Knaddison (greggles) Juraj Nemec (poker10) Jess (xjm)