PT-2026-22082 · Drupal+2 · Material Icons+1

Bryan Sharpe

+6

·

Publicado

2026-02-25

·

Atualizado

2026-03-30

·

CVE-2026-3210

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Drupal Material Icons versions prior to 2.0.4
Description The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in many situations. This allows for forceful browsing. The module is designed to add icons to CKEditor.
Recommendations Update to version 2.0.4 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2026-3210
DRUPAL-CONTRIB-2026-011

Produtos afetados

Material Icons
Drupal/Material Icons