DRUPAL-CONTRIB-2026-039

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/localgov_workflows/DRUPAL-CONTRIB-2026-039.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-039

Aliases

CVE-2026-10768

Published

2026-06-03T16:10:48Z

Modified

2026-06-03T19:45:07.819787793Z

Summary

[none]

Details

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview.

The module doesn't sufficiently restrict access to a view of Service Contacts at which exposes the names and content items assigned to each Service Contact.

References

https://www.drupal.org/sa-contrib-2026-039

Credits

- Maria Young (maria.y)
- - https://www.drupal.org/u/mariay-0

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/localgov_workflows

Package

Name: drupal/localgov_workflows
Purl: pkg:composer/drupal%2Flocalgov_workflows

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.6.0

Database specific

{
    "constraint": "<1.6.0"
}

Database specific

affected_versions

"<1.6.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/localgov_workflows/DRUPAL-CONTRIB-2026-039.json"