Improper Authentication Control in Drupal Login Disable by Dries Buytaert
CVE-2026-15079
Currently unrated
What is CVE-2026-15079?
The Login Disable module for Drupal is susceptible to an improper restriction of excessive authentication attempts, allowing attackers to launch brute force attacks. This vulnerability exposes sites running versions 0.0.0 to 2.1.4 to potential unauthorized access, thereby compromising the integrity of user accounts and sensitive data. It is paramount for website administrators to upgrade to the latest version and implement security best practices to mitigate this risk.
Affected Version(s)
Login Disable 0.0.0 < 2.1.4
