Volerion logoVolerion
Volerion logoVolerion

Drupal Node View Permissions Access Bypass Vulnerability

Vulnerability

An access bypass vulnerability has been identified in the Drupal Node View Permissions module, affecting versions prior to 1.7.0 and 2.0.0 through 2.0.1. The vulnerability arises because the module does not properly manage situations where a user's content is transferred to the anonymous user after the user is canceled. This issue primarily impacts private content that should not be visible to anonymous users, but only if the content was reassigned to the anonymous user.

Impact

Exploitation of this vulnerability allows for unauthorized access to private content that should not be visible to anonymous users.

Remediation

Users of the Node View Permissions module should upgrade to version 2.0.1 if they are using version 2.0.0 or prior, or to version 8.x-1.7 if they are using version 8.x-1.6 or prior.

Added: May 19, 2026, 11:20 PM
Updated: May 19, 2026, 11:20 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
0.6
exploitability
7.2
remediation
7.7
relevance
8.8
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.