Primary

Context

Drupal Login Disable Authentication Bypass Vulnerability

Vulnerability

Patched

An authentication bypass vulnerability has been identified in the Drupal Login Disable module, affecting versions prior to 2.1.3. This vulnerability allows users to log in without the required access key by exploiting the HTTP request login route, bypassing the module's intended functionality.

Impact

Exploitation of this vulnerability allows unauthorized users to bypass authentication requirements, potentially leading to unauthorized access to the Drupal site.

Remediation

Users of the Login Disable module should upgrade to version 2.1.3.

Added: Mar 25, 2026, 4:46 PM

Updated: Mar 25, 2026, 4:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

5.4

remediation

7.7

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

5.4

remediation

7.7

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Login Disable Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Drupal Login Disable

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating