CVE-2026-1553

CVE-2026-1553: Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006

Vendor Drupal
Product Drupal Canvas
Weakness CWE-863 · Incorrect authorization
Published February 4, 2026
Last update February 4, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.

Key dates

Disclosure timeline

February 4, 2026 CVE published
February 4, 2026 Record updated