CVE-2026-3210 PUBLISHED

Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Assigner: drupal
Reserved: 25.02.2026 Published: 25.03.2026 Updated: 25.03.2026

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.

Product Status

Vendor Drupal
Product Material Icons
Versions Default: unaffected
  • affected from 0.0.0 to 2.0.4 (excl.)

Credits

  • Jen M (jannakha) finder
  • Bryan Sharpe (b_sharpe) remediation developer
  • Jen M (jannakha) remediation developer
  • Damien McKenna (damienmckenna) coordinator
  • Greg Knaddison (greggles) coordinator
  • Juraj Nemec (poker10) coordinator
  • Ra Mänd (ram4nd) coordinator
  • Jess (xjm) coordinator

References

Problem Types

  • CWE-863 Incorrect Authorization CWE

Impacts

  • CAPEC-87 Forceful Browsing