Incorrect Authorization in Drupal File Access Fix (Deprecated)
CVE-2026-3525

Currently unrated

Key Information:

Vendor: Drupal
Status: File Access Fix (deprecated)
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-3525?

An incorrect authorization vulnerability in the deprecated Drupal File Access Fix allows attackers to perform forceful browsing, potentially exposing sensitive information. This flaw affects versions from 0.0.0 up to, but not including, 1.2.0. Users should consider upgrading to secure their installations against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

File Access Fix (deprecated) 0.0.0 < 1.2.0

References

https://www.drupal.org/sa-contrib-2026-020

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Pierre Rudloff (prudloff)

Merlin Axel Rutz (geek-merlin)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

JSON

Drupal