Home

Description

Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-26 | Updated 2026-03-27 | Assigner drupal

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

0.0.0 (semver) before 1.2.0
affected

Credits

Pierre Rudloff (prudloff) finder

Merlin Axel Rutz (geek-merlin) remediation developer

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-021

cve.org (CVE-2026-3526)

nvd.nist.gov (CVE-2026-3526)

Download JSON