Improper Authentication Control in Drupal Login Disable by Dries Buytaert
CVE-2026-15079

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15079?

The Login Disable module for Drupal is susceptible to an improper restriction of excessive authentication attempts, allowing attackers to launch brute force attacks. This vulnerability exposes sites running versions 0.0.0 to 2.1.4 to potential unauthorized access, thereby compromising the integrity of user accounts and sensitive data. It is paramount for website administrators to upgrade to the latest version and implement security best practices to mitigate this risk.

Affected Version(s)

Login Disable 0.0.0 < 2.1.4

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
Boris Doesborg (batigolix)
Greg Knaddison (greggles)
Pierre Rudloff (prudloff)
.