Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0.

Description

Affected Products

Vendor	Product	Versions
Drupal	Unpublished Node Permissions	1.6.x

References

https://www.drupal.org/sa-contrib-2026-029

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-4933 | Unpublished Node Permissions up to 1.6.x on Drupal authorization (sa-contrib-2026-029)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-863

Published3/26/2026

Last enriched2h agov2

Trending Score20

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated vendor and product information, added affected versions 1.6.x, changed severity to CRITICAL, and marked as actively exploited.

vendorproductaffectedVersions

via VulDB

v13h ago

Initial creation