CVE-2026-15079 PUBLISHED

Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Assigner: drupal
Reserved: 08.07.2026 Published: 10.07.2026 Updated: 10.07.2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4.

Product Status

Vendor Drupal
Product Login Disable
Versions
  • affected from 0.0.0 to 2.1.4 (excl.)

Credits

  • Pierre Rudloff (prudloff) finder
  • Boris Doesborg (batigolix) remediation developer
  • Greg Knaddison (greggles) coordinator
  • Pierre Rudloff (prudloff) coordinator

References

Problem Types

  • CWE-307 Improper Restriction of Excessive Authentication Attempts CWE

Impacts

  • CAPEC-112 Brute Force