By weakness (CWE)

CWE-267: related vulnerabilities

CVEs classified under CWE-267. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-6816LOW 3.8

    Drupal's TFA Basic Plugins module contains a flaw that allows administrators with user management permissions to access or create recovery codes intended for other users. This bypasses the expected access controls around two-factor authentication recovery mechanisms. The vulnerability is restricted to versions 7.x-1.0 through 7.x-1.2, and exploitation requires administrative privileges, limiting its immediate threat to environments where admin accounts are already compromised or where trust boundaries have been violated.