CVE-2026-3525
Received
Received - Intake
Incorrect Authorization in Drupal File Access Fix Enables Forceful Browsing
Publication date: 2026-03-26
Last updated on: 2026-03-31
Assigner: Drupal.org
Description
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing. This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geeks4change | file_access_fix | to 8.x-1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization issue in the Drupal File Access Fix (deprecated) module. It allows Forceful Browsing, meaning an attacker can access files or resources they are not authorized to view by bypassing normal access controls.
How can this vulnerability impact me?
The impact of this vulnerability is that unauthorized users may gain access to restricted files or data within a Drupal site using the File Access Fix module. This can lead to exposure of sensitive information or data leakage.