cvedb.io
CVE-2026-0748
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-03-26T22:16:27.100 · Last modified 2026-06-17T10:11:18.803

Summary

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.

Affected products

internationalization_project — internationalization

Does this affect you?

Add your gear to cvedb and we'll alert you only when internationalization_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.