Drupal Group Invite Module Access Bypass Vulnerability
Vulnerability
An access bypass vulnerability has been identified in the Drupal Group Invite module, specifically in versions prior to 2.3.9, as well as in the 3.0.0 through 3.0.4 and 4.0.0 through 4.0.4 ranges. This vulnerability allows unauthorized users to access group content by exploiting insufficient access checks under certain conditions. The issue arises when users with the permission to create group invites perform specific, less common actions.
Impact
Exploitation of this vulnerability allows for unauthorized access to group content, bypassing normal access controls.
Remediation
Users of the Group Invite module should upgrade to version 2.3.9, 3.0.4, or 4.0.4, whichever matches the branch they currently run.
