Improper Input Validation in Drupal Node View Permissions by Drupal
CVE-2026-8491

3.7LOW

Key Information:

Vendor: Drupal
Status: Node View Permissions
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8491?

A security vulnerability in Drupal's Node View Permissions allows malicious actors to exploit improper checks for unusual or exceptional conditions. This flaw can lead to forceful browsing, enabling unauthorized access to private content by influencing the Node View Permissions functionality. The affected versions extend from 0.0.0 to below 1.7.0 and also from 2.0.0 to below 2.0.1.

Affected Version(s)

Node View Permissions 0.0.0 < 1.7.0

Node View Permissions 2.0.0 < 2.0.1

References

https://www.drupal.org/sa-contrib-2026-034

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 13, 2026

Credit

Adam Shepherd (adamps)

BÃ¡lint Nagy (nagy.balint)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

CVE-2026-8491 Data

JSON