CVE-2026-8491 - Vulnerability Details - OpenCVE

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://www.drupal.org/sa-contrib-2026-034

History

Tue, 19 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.
Title		Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034
Weaknesses		CWE-754
References		https://www.drupal.org/sa-contrib-2026-034

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2026-05-19T22:28:58.101Z

Updated: 2026-05-19T22:28:58.101Z

Reserved: 2026-05-13T15:43:26.500Z

Link: CVE-2026-8491

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-19T23:16:58.740

Modified: 2026-05-19T23:16:58.740

Link: CVE-2026-8491

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T00:30:17Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8491", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-05-13T15:43:26.500Z", "datePublished": "2026-05-19T22:28:58.101Z", "dateUpdated": "2026-05-19T22:28:58.101Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-05-19T22:28:58.101Z"}, "title": "Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034", "datePublic": "2026-05-13T17:16:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-87", "descriptions": [{"lang": "en", "value": "CAPEC-87 Forceful Browsing"}]}], "affected": [{"vendor": "Drupal", "product": "Node View Permissions", "collectionURL": "https://www.drupal.org/project/node_view_permissions", "repo": "https://git.drupalcode.org/project/node_view_permissions", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.7.0", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing.\n\nThis issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing.<p>This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-034"}], "credits": [{"lang": "en", "value": "Adam Shepherd (adamps)", "type": "finder"}, {"lang": "en", "value": "B\u00c3\u00a1lint Nagy (nagy.balint)", "type": "remediation developer"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}