Home

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.

PUBLISHED Reserved 2026-03-18 | Published 2026-03-26 | Updated 2026-03-30 | Assigner drupal

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

0.0.0 (semver) before 1.7.0
affected

2.0.0 (semver) before 2.0.2
affected

Credits

Pierre Rudloff (prudloff) finder

Ajit Shinde (ajits) remediation developer

Jakob P (japerry) remediation developer

Gareth Alexander (the_g_bomb) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2026-030

cve.org (CVE-2026-4393)

nvd.nist.gov (CVE-2026-4393)

Download JSON