Home

Description

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.

PUBLISHED Reserved 2026-02-25 | Published 2026-03-25 | Updated 2026-03-26 | Assigner drupal

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

0.0.0 (semver) before 2.0.4
affected

Credits

Jen M (jannakha) finder

Bryan Sharpe (b_sharpe) remediation developer

Jen M (jannakha) remediation developer

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Ra Mänd (ram4nd) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2026-011

cve.org (CVE-2026-3210)

nvd.nist.gov (CVE-2026-3210)

Download JSON