NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6816

Summary	An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
Publication Date	May 29, 2026, 8:16 a.m.
Registration Date	May 30, 2026, 4:11 a.m.
Last Update	May 29, 2026, 11:46 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://d7es.tag1.com/security-advisories/tfa-basic-plugins-less-critical-access-bypass-sa-contrib-2025-085	mlhess@drupal.org
2	https://www.herodevs.com/vulnerability-directory/cve-2026-6816	mlhess@drupal.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-267	危険なアクションで定義された権限	https://cwe.mitre.org/data/definitions/267.html