CVE-2026-1917 identifies a critical authentication bypass vulnerability in the Drupal Login Disable module, which is designed to restrict or disable user login functionality under certain conditions. The vulnerability arises from the module's failure to properly enforce authentication checks, allowing attackers to exploit an alternate path or communication channel to bypass login restrictions. This is classified under CWE-288, indicating improper authentication mechanisms. The affected versions include all releases prior to 2.1.3, starting from 0.0.0. The flaw enables attackers to gain unauthorized access to Drupal sites by circumventing the login disable feature, potentially allowing them to perform actions reserved for authenticated users. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the critical nature of authentication bypass. The absence of a CVSS score suggests the need for manual severity assessment. The vulnerability is particularly concerning because it does not require user interaction or complex exploitation steps, and it impacts the confidentiality and integrity of affected systems. The Drupal Login Disable module is commonly used in Drupal-based websites worldwide, increasing the scope of potential impact. No official patches or mitigation instructions have been published at the time of disclosure, emphasizing the need for immediate attention from site administrators.

The primary impact of CVE-2026-1917 is unauthorized access to Drupal websites that use the vulnerable Login Disable module. Attackers exploiting this vulnerability can bypass authentication controls, potentially gaining access to restricted areas or administrative functions. This can lead to data breaches, unauthorized content modification, privilege escalation, and disruption of website operations. The compromise of Drupal sites can also serve as a foothold for further attacks within an organization's network, including lateral movement and data exfiltration. Given Drupal's widespread use in government, education, and enterprise sectors, the vulnerability could affect a broad range of organizations globally. The lack of authentication requirement and ease of exploitation increase the risk of automated attacks and mass exploitation campaigns once exploit code becomes available. The vulnerability undermines the integrity and confidentiality of affected systems and could also impact availability if attackers modify or disable critical site functions.

1. Immediately upgrade the Drupal Login Disable module to version 2.1.3 or later once it becomes available to ensure the vulnerability is patched. 2. In the interim, disable the Login Disable module if feasible, especially on high-value or publicly accessible sites, to prevent exploitation. 3. Implement additional access control measures at the web server or application firewall level to restrict access to login pages or administrative interfaces. 4. Monitor Drupal site logs for unusual login attempts or access patterns that may indicate exploitation attempts. 5. Employ multi-factor authentication (MFA) on Drupal administrative accounts to reduce the impact of potential unauthorized access. 6. Conduct regular security audits and vulnerability scans focused on Drupal modules and configurations. 7. Stay informed through official Drupal security advisories and community channels for updates and patches related to this vulnerability. 8. Consider deploying web application firewalls (WAFs) with custom rules to detect and block attempts to exploit alternate authentication paths.