Incorrect Authorization in Drupal Advanced Content Feedback
CVE-2026-13232

Currently unrated

What is CVE-2026-13232?

An incorrect authorization vulnerability exists in the Drupal Advanced Content Feedback module, also known as admin_feedback. This flaw allows for forceful browsing, where an attacker may gain access to unauthorized areas of the application. The issue impacts versions ranging from 0.0.0 to 2.8.0, posing significant security risks if left unaddressed. Users are advised to update to the latest version and review their access controls to mitigate potential exploitation.

Affected Version(s)

Advanced Content Feedback (aka admin_feedback) 0.0.0 < 2.8.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bill Seremetis (bserem)
Bill Seremetis (bserem)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
.