Missing Authorization Vulnerability in Drupal WissKI Product by Drupal
CVE-2026-13239

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-13239?

A missing authorization vulnerability exists in the WissKI module for Drupal, enabling users to access restricted resources without proper authentication. This issue affects WissKI versions ranging from 0.0.0 to 4.2.0, posing a significant risk of forceful browsing attacks that could compromise sensitive information. It is crucial for administrators to review and update their installations to safeguard against unauthorized access.

Affected Version(s)

WissKI 0.0.0 < 4.2.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber (mcdruid)
knurg
cilefen (cilefen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.