Back to search
CVE-2026-0748
Published: Mar 26, 2026
Modified: Mar 27, 2026
PUBLISHED
Description
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Internationalization (i18n) - i18n_node submodule | affected 7.x-1.0 - <= 7.x-1.35 |
Weaknesses (CWE)
References
https://www.herodevs.com/vulnerability-directory/cve-2026-0748
third-party-advisory
https://d7es.tag1.com/node/86
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now