What is GHSA-rgcr-rww9-8rr3?

GHSA-rgcr-rww9-8rr3 is a security advisory published by GitHub Security Advisories with Medium severity. An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users...

Which CVE IDs does GHSA-rgcr-rww9-8rr3 cover?

GHSA-rgcr-rww9-8rr3 covers the following CVE IDs: CVE-2026-6816. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-rgcr-rww9-8rr3Medium

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-6816 →

📋 Description

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.

This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-6816
https://d7es.tag1.com/security-advisories/tfa-basic-plugins-less-critical-access-bypass-sa-contrib-2025-085
https://www.herodevs.com/vulnerability-directory/cve-2026-6816
https://github.com/advisories/GHSA-rgcr-rww9-8rr3