Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-8495
PUBLISHED
More InfoOfficial Page
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
View Known Exploited Vulnerability (KEV) details
Published At-19 May, 2026 | 22:29
Updated At-19 May, 2026 | 22:29
Rejected At-
▼CVE Numbering Authority (CNA)
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Date iCal
Collection URL
https://www.drupal.org/project/date_ical
Repo
https://git.drupalcode.org/project/date_ical
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 4.0.15 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-87CAPEC-87 Forceful Browsing
CAPEC ID: CAPEC-87
Description: CAPEC-87 Forceful Browsing
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Drew Webber (mcdruid)
remediation developer
Joël Pittet (joelpittet)
coordinator
Greg Knaddison (greggles)
coordinator
Dave Long (longwave)
coordinator
Juraj Nemec (poker10)
coordinator
Drew Webber (mcdruid)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2026-037
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2026-037
Resource: N/A
Details not found