wid-sec-w-2026-0599
·
Published 2026-03-04
·
View on BSI CERT-Bund ↗
Drupal Extensions: Multiple Vulnerabilities
CVSS 6.5
MEDIUM
Risk Summary
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0.
Affected Vendors
Open Source
Affected Products (10)
Open Source
·
Drupal
File access <1.2.0
Open Source
·
Drupal
File access 1.2.0
Open Source
·
Drupal
AJAX Dashboard <3.1.0
Open Source
·
Drupal
AJAX Dashboard 3.1.0
Open Source
·
Drupal
Calculation Fields <1.0.4
Open Source
·
Drupal
Calculation Fields 1.0.4
Open Source
·
Drupal
Google Analytics GA4 <1.1.13
Open Source
·
Drupal
Google Analytics GA4 1.1.13
Open Source
·
Drupal
OpenID Connect <1.5.0
Open Source
·
Drupal
OpenID Connect 1.5.0
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more