Drupal Canvas Incorrect Authorization Vulnerability Allowing Forceful Browsing
Vulnerability
The Drupal Canvas module, in versions prior to 1.0.4, contains an incorrect-authorization flaw that permits forceful browsing: the module does not properly check access to unpublished Canvas Pages, so a user who knows or guesses a page's URL may reach it. The risk is partly reduced by the default content moderation settings and by the absence of an archiving feature, but unauthorized access to some pages remains possible.
Impact
Exploitation of this vulnerability could lead to unauthorized access to unpublished Canvas Pages, allowing users to view or interact with content that should not be publicly accessible.
Remediation
Users of the Drupal Canvas module should upgrade to version 1.0.4.
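The missing control the advisory describes is a published-status check on view access. The following is an added illustration, not the Canvas module's own code or its actual fix, of how such a check is expressed in a Drupal access hook; the entity type id `canvas_page`, the permission name `view unpublished canvas pages` and the module prefix `mymodule` are placeholders assumed for the example.

```php
<?php

// Added example (not code from the Canvas module). Assumptions: the Canvas
// page entity type is 'canvas_page' and an explicit permission named
// 'view unpublished canvas pages' exists; both are placeholders.

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityPublishedInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for the assumed 'canvas_page' type.
 *
 * Drupal combines the results of all access hooks with "forbidden wins", so
 * returning forbidden here blocks the entity's canonical route even when
 * another module would otherwise allow viewing.
 */
function mymodule_canvas_page_access(EntityInterface $entity, string $operation, AccountInterface $account): AccessResultInterface {
  // Only the 'view' operation is relevant to forceful browsing; leave other
  // operations to the entity's own access control handler.
  if ($operation !== 'view' || !$entity instanceof EntityPublishedInterface) {
    return AccessResult::neutral();
  }

  if ($entity->isPublished()) {
    // Published content: do not decide here, but record that the result
    // depends on the entity so that a later unpublish invalidates caches.
    return AccessResult::neutral()->addCacheableDependency($entity);
  }

  // Unpublished content: deny unless the account holds an explicit permission.
  // The outcome varies by entity status and by the account's permissions, so
  // declare both as cache dependencies; omitting them lets a cached "allowed"
  // leak to other users.
  return AccessResult::forbiddenIf(
      !$account->hasPermission('view unpublished canvas pages'),
      'Unpublished Canvas Pages require an explicit permission to view.'
    )
    ->addCacheableDependency($entity)
    ->cachePerPermissions();
}
```

When reviewing a fix of this kind, confirm that the same check is applied on every path that renders the page (the canonical route, any preview or JSON endpoints), since an entity-level hook only covers routes that go through entity access.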
