CVE-2026-15079

Drupal · Login Disable

The Drupal Login Disable module fails to properly restrict excessive authentication attempts, creating a vulnerability that facilitates brute force attacks against user accounts.

Executive summary

An improper authentication restriction vulnerability in the Drupal Login Disable module allows attackers to execute brute force attacks against user accounts.

Vulnerability

This vulnerability (CWE-307) stems from the module's failure to enforce adequate rate limiting or account lockout mechanisms during the authentication process. The flaw allows an attacker to systematically test password combinations without being blocked by the system.

Business impact

With a CVSS score of 9.8, this vulnerability represents a critical risk of account takeover. If exploited, an attacker could gain unauthorized access to privileged accounts, potentially leading to a complete compromise of the Drupal environment and the exfiltration of sensitive site data.

Remediation

Immediate Action: Update the Login Disable module to version 2.1.4 to enable robust rate limiting and brute force protection.

Proactive Monitoring: Review authentication logs for patterns indicative of credential stuffing or brute force attempts, such as high volumes of failed login requests from single or distributed IP addresses.

Compensating Controls: Deploy a Web Application Firewall (WAF) or an intrusion prevention system to detect and block IP addresses exhibiting high-frequency login failures.

Exploitation status

Public Exploit Available: No (unknown)

Analyst recommendation

Administrators should apply the patch immediately to ensure account security. Ensuring that rate limiting is active is a fundamental security requirement that must be addressed to prevent unauthorized access and maintain system integrity.