PT-2026-22082 · Drupal+2 · Material Icons+1
Bryan Sharpe
+6
·
Published
2026-02-25
·
Updated
2026-03-30
·
CVE-2026-3210
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Material Icons versions prior to 2.0.4
Description
The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in many situations. This allows for forceful browsing. The module is designed to add icons to CKEditor.
Recommendations
Update to version 2.0.4 or later.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Material Icons
Drupal/Material Icons