Missing Authorization Vulnerability in Drupal LocalGov Workflows
CVE-2026-10768
9.8CRITICAL
What is CVE-2026-10768?
A missing authorization vulnerability exists in the Drupal LocalGov Workflows module, potentially allowing attackers to perform forceful browsing. This weakness affects all versions from 0.0.0 to 1.6.0, enabling unauthorized users to access restricted areas of the application without proper permissions. Administrators should address this issue promptly to safeguard their sites against unauthorized access.
Affected Version(s)
LocalGov Workflows 0.0.0 < 1.6.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Maria Young (maria.y)
Finn Lewis (finn lewis)
Rupert Jabelman (rupertj)
Greg Knaddison (greggles)
Dave Long (longwave)
Juraj Nemec (poker10)
