What is CVE-2017-6926?

CVE-2017-6926 is a vulnerability in Drupal.org Drupal Core. Published 2018-03-01.

Is CVE-2017-6926 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Drupal.org Drupal Core

CVE-2017-6926

In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by t…

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

Drupal.org Drupal Core — versions 8.4.x versions before 8.4.5

Public proof-of-concept exploits

superfish9/pt

References

www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-6926?: CVE-2017-6926 is a vulnerability in Drupal.org Drupal Core. Published 2018-03-01.
Is CVE-2017-6926 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.