CVE-2026-3211
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
3th
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
| CWE | CWE-352 |
| Vendor | drupal |
| Product | theme negotiation by rules |
| Ecosystems | |
| Industries | WebMedia |
| Published | Mar 25, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal theme negotiation by rules
Be the first to know when new medium vulnerabilities affecting drupal theme negotiation by rules are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Drupal / Theme Negotiation by Rules
0.0.0 < 1.2.1
Credits
Juraj Nemec (poker10) Zoltan Attila Horvath (huzooka) Juraj Nemec (poker10) Damien McKenna (damienmckenna) Greg Knaddison (greggles) Juraj Nemec (poker10) Jess (xjm)