CVE-2026-0748

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs.

Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.

Vulnerability Details

Published Date

March 26, 2026

Last Modified

April 01, 2026

CWE ID

CWE-284

Source

NVD

Vendor

internationalization_project

Product

internationalization

External References

https://d7es.tag1.com/node/86
https://www.herodevs.com/vulnerability-directory/cve-2026-0748

CVE-2026-0748

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment