Privilege Escalation via Unsafe Actions in Drupal Role Delegation 1.3.0-<1.5.0: CVE-2026-0945 February 2026

Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.

Vulnerability Analysis

CVE-2026-0945 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Affected Versions

Exploit Probability

EPSS

0.01%

Percentile

0.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Privilege Escalation via Unsafe Actions in Drupal Role Delegation 1.3.0-<1.5.0CVE-2026-0945 Published on February 4, 2026

Vulnerability Analysis

Weakness Type

Privilege Defined With Unsafe Actions

Affected Versions

Exploit Probability

Privilege Escalation via Unsafe Actions in Drupal Role Delegation 1.3.0-<1.5.0
CVE-2026-0945 Published on February 4, 2026