What is the CVSS score of CVE-2026-3216?

CVE-2026-3216 has a CVSS 3.1 base score of 5.0 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Drupal Canvas are affected by CVE-2026-3216?

CVE-2026-3216 presents moderate security risk, a server-side request forgery vulnerability rated CVSS 5.0. Users could be tricked into performing unintended actions.. A patch is available.

Drupal Canvas CVE-2026-3216

EUVD-2026-15476 MEDIUM

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-25 drupal

GHSA-6qhv-qccp-876q

SSRF Drupal Canvas

5.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.0 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 25, 2026 - 15:46 euvd

EUVD-2026-15476

Analysis Generated

Mar 25, 2026 - 15:46 vuln.today

CVE Published

Mar 25, 2026 - 15:24 nvd

MEDIUM 5.0

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

AnalysisAI

A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal Canvas versions prior to 1.1.1, allowing attackers to manipulate the server into making unauthorized requests to internal or external resources. This vulnerability affects all Drupal Canvas installations from version 0.0.0 through 1.1.0, enabling attackers to access sensitive internal services, bypass network segmentation, or exfiltrate data. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While a CVSS score and EPSS exploitation probability are not provided, the vulnerability's classification as SSRF (CWE-918) and its inclusion in the ENISA EUVD database (EUVD-2026-15476) indicate moderate-to-high real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker could exploit this vulnerability by submitting a specially crafted request to a Drupal Canvas endpoint that accepts URL parameters (such as an image URL, remote content URL, or API endpoint field). The attacker supplies a malicious URL pointing to an internal service, such as http://169.254.169.254/latest/meta-data/ (AWS metadata), http://localhost:8080/admin, or a restricted internal API. …
Remediation	Upgrade Drupal Canvas to version 1.1.1 or later immediately, following the patch guidance provided in the Drupal security advisory (https://www.drupal.org/sa-contrib-2026-017). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3216 vulnerability details – vuln.today

Back

Drupal Canvas CVE-2026-3216

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code