CVE Catalog

CVE-2026-8495

Critical
Published: Translated: NVD NIST

Summary

A missing authorization vulnerability in Drupal Date iCal allows for forceful browsing.

Risk Assessment

Organizations may be exposed to unauthorized access to data, potentially leading to information leakage.

Recommendation

It is recommended to update the Date iCal component to version 4.0.15 or later to mitigate this vulnerability.

Original NVD description (English source)

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS