Skip to main content

Date Ical

1 CVEs product

Monthly

CVE-2026-8495 PHP CRITICAL PATCH Act Now

Forceful browsing in the Drupal Date iCal contributed module (versions prior to 4.0.15) allows remote unauthenticated attackers to bypass authorization checks and access protected calendar resources. Despite a CVSS score of 9.8, the EPSS exploitation probability sits at just 0.02% (4th percentile) and no public exploit has been identified at time of analysis. The flaw is a CWE-862 missing authorization issue patched by the Drupal Security Team in version 4.0.15.

Authentication Bypass Date Ical
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Forceful browsing in the Drupal Date iCal contributed module (versions prior to 4.0.15) allows remote unauthenticated attackers to bypass authorization checks and access protected calendar resources. Despite a CVSS score of 9.8, the EPSS exploitation probability sits at just 0.02% (4th percentile) and no public exploit has been identified at time of analysis. The flaw is a CWE-862 missing authorization issue patched by the Drupal Security Team in version 4.0.15.

Authentication Bypass Date Ical
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy