CVE-2026-4393 PUBLISHED

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Assigner: drupal
Reserved: 18.03.2026 Published: 26.03.2026 Updated: 26.03.2026

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.

Product Status

Vendor	Drupal
Product	Automated Logout
Versions	Default: unaffected affected from 0.0.0 to 1.7.0 (excl.) affected from 2.0.0 to 2.0.2 (excl.)

Credits

Pierre Rudloff (prudloff) finder
Ajit Shinde (ajits) remediation developer
Jakob P (japerry) remediation developer
Gareth Alexander (the_g_bomb) remediation developer
Greg Knaddison (greggles) coordinator
Juraj Nemec (poker10) coordinator
Jess (xjm) coordinator

References

https://www.drupal.org/sa-contrib-2026-030

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF) CWE

Impacts

CAPEC-62 Cross Site Request Forgery