CVE-2026-6816EPSS p20.2%
CVE-2026-6816CVE-2026-6816
tfa_basic_plugins_project / tfa_basic_plugins
Description
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.
This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
Scoring
| CVSS | 3.8 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
| EPSS | 0.29% probability of exploitation · percentile 20.2% · 2026-06-19T12:03:05Z |
| Last modified | 2026-06-01 |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.