Drupal · Material Icons · CVE-2026-3210
**Name of the Vulnerable Software and Affected Versions**
Drupal Material Icons versions prior to 2.0.4
**Description**
The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in many situations. This allows for forceful browsing. The module is designed to add icons to CKEditor.
**Recommendations**
Update to version 2.0.4 or later.