Medium severity4.3NVD Advisory· Published Mar 26, 2026· Updated Apr 1, 2026
CVE-2026-0748
CVE-2026-0748
Description
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs.
Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:internationalization_project:internationalization:*:*:*:*:*:drupal:*:*Range: >=7.x-1.0,<=7.x-1.35
- Range: >=7.x-1.0, <=7.x-1.35
Patches
Vulnerability mechanics
References
3- www.herodevs.com/vulnerability-directory/cve-2026-0748nvdExploitThird Party Advisory
- www.herodevs.com/vulnerability-directory/cve-2026-0748nvdExploitThird Party Advisory
- d7es.tag1.com/node/86nvdThird Party Advisory
News mentions
0No linked articles in our index yet.