PT-2026-23109 · Drupal+2 · File Access Fix+1

Damien Mckenna

Publicado

2026-03-04

Atualizado

2026-03-26

CVE-2026-3526

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal File Access Fix (deprecated) versions prior to 1.2.0

Description The File Access Fix module (deprecated) contains an authorization flaw that could allow forceful browsing of files. The module manages file storage based on entity access permissions, but it does not consistently validate access logic. This can lead to files attached to entities not being properly protected in some cases. The issue is resolved by saving the entity a second time.

Recommendations Update to version 1.2.0 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2026-3526

DRUPAL-CONTRIB-2026-021

Produtos afetados

File Access Fix

Drupal/File Access Fix

PT-2026-23109 · Drupal+2 · File Access Fix+1

CVE-2026-3526

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4