TFA Basic Plugins – Access Bypass_CVE-2026-6816

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.

This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.

Basic Information

ID CVE-2026-6816

Source drupal

Published May 28, 2026 at 22:50

Affected Product

Vendor Drupal

Product TFA Basic Plugins

Version 7.x-1.0

Affected Versions Drupal TFA Basic Plugins 7.x-1.0

CWE Classification

CWE-267

References

{
    "lastseen": "",
    "description": "An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.\n\n\nThis issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.",
    "published": "2026-05-28T22:50:49.419Z",
    "modified": "2026-05-28T22:50:49.419Z",
    "type": "cve",
    "title": "TFA Basic Plugins - Access Bypass",
    "source": "drupal",
    "references": "https://www.herodevs.com/vulnerability-directory/cve-2026-6816\nhttps://d7es.tag1.com/security-advisories/tfa-basic-plugins-less-critical-access-bypass-sa-contrib-2025-085",
    "id": "CVE-2026-6816",
    "bulletinFamily": "",
    "cwe": [
        "CWE-267"
    ],
    "cvelist": null,
    "sourceData": "Drupal TFA Basic Plugins 7.x-1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TFA Basic Plugins",
    "version": "7.x-1.0",
    "vendor": "Drupal",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}