CVE-2026-8491

CVE-2026-8491: Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Vendor Drupal
Product Node View Permissions
Weakness CWE-754
Published May 19, 2026
Last update May 20, 2026

CVSS base score

What the vulnerability does

01Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.

Explanation of Vulnerability in Simple Terms

02Summary

A permissions issue in the Drupal Node View Permissions module allows unauthorized access to node content. The vulnerability affects versions before 1.7.0. Site administrators should update to version 1.7.0 or later to prevent potential unauthorized viewing of restricted nodes.

What an attacker can do

03Attacker Capabilities

View node content that should be restricted based on configured permissions.

Potential impact on your site

04Site Impact

Unauthorized users may access nodes they should not be able to view, compromising content access controls.

Conditions required to exploit

05Prerequisites

Access to the Drupal site; specific attack vector details unavailable.

Key dates

06Disclosure timeline

May 19, 2026 CVE published
May 20, 2026 Record updated