A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
[Bug?] Access rights to languages in edit mode.
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
Hi,
It seems lika that language access rights are only checked in the dropdown menus in edit mode. If you access edit mode with a direct link to a page and a language you can access a language branch that you don't actually have access to, e.g. /cms/edit/default.aspx?id=12345&epslanguage=en&selectededitpaneltab=1. You can even edit the page and publish it.
Is this by design or a bug? For me it seems like a quite serious security bug.