PT-2026-23108 · Drupal+2 · File Access Fix+1
Greg Knaddison
+2
·
Publicado
2026-03-04
·
Atualizado
2026-03-26
·
CVE-2026-3525
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal File Access Fix (deprecated) versions prior to 1.2.0
Description
The File Access Fix module (deprecated) has an authorization issue that allows for forceful browsing. The module manages file access, moving files between public and private storage based on entity access. The issue arises because the module does not properly integrate with the
hook file download hook when implemented by custom or contributed modules, leading to potential access bypass.Recommendations
Update to File Access Fix version 1.2.0 or later.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
File Access Fix
Drupal/File Access Fix