Missing Authorization Flaw in Drupal Examples for Developers
CVE-2026-11909

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-11909?

A vulnerability in the Examples for Developers module for Drupal allows unauthorized users to access restricted functionalities through forceful browsing. This impacts versions from 0.0.0 to 4.0.6, potentially exposing sensitive data and compromising user accounts. It is essential for site administrators to review their deployments and apply recommended updates to safeguard against unauthorized access.

Affected Version(s)

Examples for Developers 0.0.0 < 4.0.6

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
Alberto Paderno (avpaderno)
Pierre Rudloff (prudloff)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
.