Incorrect Authorization in Drupal Commerce Realex / Global Payments
CVE-2026-13238

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13238?

An incorrect authorization vulnerability exists in Drupal Commerce Realex / Global Payments, which allows attackers to engage in forceful browsing. This can lead to unauthorized access, granting users the ability to access restricted functionalities or data. It affects versions from 0.0.0 to 3.0.2. Immediate updates are recommended to mitigate risks associated with this issue.

Affected Version(s)

Commerce Realex / Global Payments 0.0.0 < 3.0.2

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bill Seremetis (bserem)
Alan Burke (alanburke)
Bill Seremetis (bserem)
Jaime Seuma (jaims-dev)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.