Main Vulnerability Database Vulnerabilities #VU122399

#VU122399 Improper access control in Login Disable - CVE-2026-1917

Published: February 5, 2026

Vulnerability identifier: #VU122399

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-1917

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Login Disable

Software vendor:
budda

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not check for the access key when using the HTTP request login route. A remote user can log in without providing the access key.

Remediation

Install updates from vendor's website.

External links

https://www.drupal.org/sa-contrib-2026-008

#VU122399 Improper access control in Login Disable - CVE-2026-1917

Description

Remediation

External links

Please verify you're human