CVE-2026-0944

5.3 MEDIUM

📋 TL;DR

This vulnerability in Drupal Group invite allows attackers to bypass access controls through forceful browsing, potentially accessing restricted content or functionality. It affects Drupal sites using the Group invite module in specific vulnerable versions.

💻 Affected Systems

Products:
  • Drupal Group invite module
Versions: 0.0.0 to 2.3.8, 3.0.0 to 3.0.3, 4.0.0 to 4.0.3
Operating Systems: All operating systems running Drupal
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Drupal sites with the Group invite module installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users gain access to sensitive group content, member data, or administrative functions they shouldn't have permission to view or modify.

🟠 Likely Case

Attackers access restricted group content or functionality they shouldn't be able to see, potentially exposing private information.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, though some information disclosure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some knowledge of Drupal's URL structure but is relatively straightforward once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.9, 3.0.4, or 4.0.4

Vendor Advisory: https://www.drupal.org/sa-contrib-2026-001

Restart Required: No

Instructions:

1. Update the Group invite module to version 2.3.9, 3.0.4, or 4.0.4, depending on your major version.
2. Clear Drupal caches.
3. Verify the update was successful.

🔧 Temporary Workarounds

Temporary access restriction

all

Temporarily disable or restrict access to group invite functionality

🧯 If You Can't Patch

  • Implement additional access control checks at the application level
  • Monitor logs for unusual access patterns to group-related URLs

🔍 How to Verify

Check if Vulnerable:

Check Group invite module version in Drupal admin interface at /admin/modules or via drush: drush pm-list | grep group_invite

Check Version:

drush pm-list | grep group_invite

Verify Fix Applied:

Confirm the installed module version is 2.3.9, 3.0.4, or 4.0.4 (whichever matches your major version) and test that access controls on group invite pages behave as expected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed access attempts to group invite URLs
  • Unauthorized users accessing group invite endpoints

Network Indicators:

  • Unusual patterns of requests to /group/* or /invite/* endpoints

SIEM Query:

source="drupal_access_log" AND (uri="/group/*" OR uri="/invite/*") AND status=403
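As an added example (not part of the advisory), the SIEM query above expressed as standalone detection logic over constructed web-server access log lines: it counts 403 responses on /group/ and /invite/ paths per client and flags clients at or above a threshold. The combined log format, the sample addresses and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Combined log format: client ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                    r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Endpoints the advisory's SIEM query keys on (assumed path layout).
WATCHED_PREFIXES = ("/group/", "/invite/")

def parse_line(line):
    """Return (client_ip, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))

def is_watched(path):
    # Drop the query string first so /invite/3/accept?x=1 still matches.
    return path.split("?", 1)[0].startswith(WATCHED_PREFIXES)

def count_denied(lines):
    """Per-client count of 403 responses on group/invite endpoints."""
    denied = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: skip rather than abort the sweep
        ip, path, status = parsed
        if status == 403 and is_watched(path):
            denied[ip] += 1
    return denied

def flag_clients(lines, threshold=3):
    """Clients at or above the threshold, highest count first, then by IP."""
    denied = count_denied(lines)
    hits = [(ip, n) for ip, n in denied.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "GET /group/1/invite HTTP/1.1" 403 512',
    '203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "GET /group/2/invite HTTP/1.1" 403 512',
    '203.0.113.7 - - [10/Jan/2026:10:00:03 +0000] "GET /invite/3/accept?x=1 HTTP/1.1" 403 512',
    '203.0.113.7 - - [10/Jan/2026:10:00:04 +0000] "GET /group/1 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Jan/2026:10:00:05 +0000] "GET /group/1/invite HTTP/1.1" 403 512',
    '198.51.100.9 - - [10/Jan/2026:10:00:06 +0000] "GET /user/login HTTP/1.1" 403 512',
    'garbage line that does not parse',
]
```

Because this signal is denied requests, a request that actually bypasses the access check returns 200 and will not appear here; pair it with a review of successful requests to invite endpoints from accounts that are not group members.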
