๐Ÿ” CVE Alert

CVE-2026-3526

MEDIUM 5.3

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
4th

Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0.

CWE CWE-863
Vendor drupal
Product file access fix (deprecated)
Ecosystems
Industries
WebMedia
Published Mar 26, 2026
Last Updated Mar 27, 2026
Stay Ahead of the Next One

Get instant alerts for drupal file access fix (deprecated)

Be the first to know when new medium vulnerabilities affecting drupal file access fix (deprecated) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / File Access Fix (deprecated)
0.0.0 < 1.2.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-021

Credits

Pierre Rudloff (prudloff) Merlin Axel Rutz (geek-merlin) Damien McKenna (damienmckenna) Greg Knaddison (greggles) Juraj Nemec (poker10)