Missing Authorization Vulnerability in Drupal LocalGov Workflows
CVE-2026-10768

9.8CRITICAL

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-10768?

A missing authorization vulnerability exists in the Drupal LocalGov Workflows module, potentially allowing attackers to perform forceful browsing. This weakness affects all versions from 0.0.0 to 1.6.0, enabling unauthorized users to access restricted areas of the application without proper permissions. Administrators should address this issue promptly to safeguard their sites against unauthorized access.

Affected Version(s)

LocalGov Workflows 0.0.0 < 1.6.0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maria Young (maria.y)
Finn Lewis (finn lewis)
Rupert Jabelman (rupertj)
Greg Knaddison (greggles)
Dave Long (longwave)
Juraj Nemec (poker10)
.