The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
{ "binaries": [ { "binary_name": "drupal7", "binary_version": "7.26-1ubuntu0.1+esm3" } ] }