What the vulnerability does
01Description
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing.
This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.
Explanation of Vulnerability in Simple Terms
02Summary
A permissions issue in the Drupal Node View Permissions module allows unauthorized access to node content. The vulnerability affects versions before 1.7.0. Site administrators should update to version 1.7.0 or later to prevent potential unauthorized viewing of restricted nodes.
What an attacker can do
03Attacker Capabilities
View node content that should be restricted based on configured permissions.
Potential impact on your site
04Site Impact
Unauthorized users may access nodes they should not be able to view, compromising content access controls.
Conditions required to exploit
05Prerequisites
Access to the Drupal site; specific attack vector details unavailable.
Key dates
06Disclosure timeline
May 19, 2026
CVE published
May 20, 2026
Record updated