CVE-2026-15080
Received
Received - Intake
Cross-Site Request Forgery in Drupal Ray Enterprise Translation
Vulnerability report for CVE-2026-15080, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: Drupal.org
Description
Description
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| drupal | ray_enterprise_translation | From 0.0.0 (inc) to 4.0.4 (inc) |
| drupal | ray_enterprise_translation | From 4.1.0 (inc) to 4.1.4 (inc) |
| drupal | ray_enterprise_translation | From 11.0.0 (inc) to 11.0.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |