CVE-2026-0944

Published: Feb 4, 2026Modified: Feb 11, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.

Affected (3)

Products: Metadrop: Group Invite

Metadrop

1 product

Group Invite

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Metadrop Group Invite	Before 2.3.9
Metadrop Group Invite	From 3.0.0 to 3.0.4
Metadrop Group Invite	From 4.0.0 to 4.0.4

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (1)

https://www.drupal.org/sa-contrib-2026-001

Source: mlhess@drupal.org

Vendor Advisory

Timeline

No history available yet.