CVE-2025-14840

CVE-2025-14840: HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126

Vendor Drupal
Product HTTP Client Manager
Weakness CWE-754
Published January 28, 2026
Last update January 29, 2026

CVSS base score

What the vulnerability does

01Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability in the Drupal HTTP Client Manager module versions before 9.3.13 allows an attacker to cause an error condition. The exact nature of the vulnerability and its impact are not fully documented in available metadata. Site administrators should update to version 9.3.13 or later to address this issue.

What an attacker can do

03Attacker Capabilities

Trigger an error condition in the HTTP Client Manager module.

Potential impact on your site

04Site Impact

Your site may experience errors or unexpected behavior from the HTTP Client Manager module.

Conditions required to exploit

05Prerequisites

Access to a Drupal site running an affected version of the module.

Key dates

06Disclosure timeline

January 28, 2026 CVE published
January 29, 2026 Record updated