CVE-2026-0944

CVE-2026-0944: Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

Vendor Drupal
Product Group invite
Weakness CWE-754
Published February 4, 2026
Last update February 4, 2026

CVSS base score

What the vulnerability does

01Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability in the Drupal Group invite module versions before 2.3.9 allows an attacker to perform an unspecified action. The exact nature of the vulnerability cannot be determined from available metadata. Site administrators should update to version 2.3.9 or later immediately.

What an attacker can do

03Attacker Capabilities

Perform an unspecified malicious action (exact impact unknown due to missing CVSS data).

Potential impact on your site

04Site Impact

Sites running Group invite module < 2.3.9 are at risk; update immediately to 2.3.9.

Conditions required to exploit

05Prerequisites

Unknown; CVSS vector data is unavailable.

Key dates

06Disclosure timeline

February 4, 2026 CVE published
February 4, 2026 Record updated