CVE-2026-3216
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
7th
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
| CWE | CWE-918 |
| Vendor | drupal |
| Product | drupal canvas |
| Ecosystems | |
| Industries | WebMedia |
| Published | Mar 25, 2026 |
| Last Updated | Mar 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal drupal canvas
Be the first to know when new medium vulnerabilities affecting drupal drupal canvas are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Drupal / Drupal Canvas
0.0.0 < 1.1.1
Credits
Drew Webber (mcdruid) Bálint Kléri (balintbrews) Ignacio Sánchez Holgueras (isholgueras) Drew Webber (mcdruid) Narendra Singh Rathore (narendrar) Christian López EspÃnola (penyaskito) Tim Plunkett (tim.plunkett) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10) Jess (xjm)