Main Vulnerability Database SB2026020571

SB2026020571 - Improper access control in Login Disable module for Drupal

Published: February 5, 2026

Security Bulletin ID SB2026020571

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2026-1917)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not check for the access key when using the HTTP request login route. A remote user can log in without providing the access key.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/sa-contrib-2026-008