Skip to main content

File Access Fix Deprecated

2 CVEs product

Monthly

CVE-2026-3526 PHP MEDIUM PATCH This Month

Forceful browsing attacks in Drupal File Access Fix (deprecated) versions below 1.2.0 allow unauthenticated remote attackers to bypass file access controls and retrieve unauthorized files through direct path enumeration. The vulnerability stems from incorrect authorization validation in the deprecated module (cpe:2.3:a:drupal:file_access_fix_(deprecated):*:*:*:*:*:*:*:*), affecting all versions from 0.0.0 through 1.1.x. No public exploit code or active exploitation has been identified at time of analysis, but the deprecated status and widespread use of Drupal installations increase real-world risk exposure.

Authentication Bypass File Access Fix Deprecated
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3525 PHP MEDIUM PATCH This Month

Forceful browsing via incorrect authorization in Drupal File Access Fix (deprecated) module versions prior to 1.2.0 allows unauthenticated remote attackers to access files without proper access control checks. The vulnerability stems from CWE-863 (Incorrect Authorization) and affects all versions from 0.0.0 through 1.2.0. No public exploit code or active exploitation has been confirmed at the time of analysis, but the straightforward nature of authorization bypass attacks in file access contexts presents moderate real-world risk to installations still running deprecated versions of this module.

Authentication Bypass File Access Fix Deprecated
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Forceful browsing attacks in Drupal File Access Fix (deprecated) versions below 1.2.0 allow unauthenticated remote attackers to bypass file access controls and retrieve unauthorized files through direct path enumeration. The vulnerability stems from incorrect authorization validation in the deprecated module (cpe:2.3:a:drupal:file_access_fix_(deprecated):*:*:*:*:*:*:*:*), affecting all versions from 0.0.0 through 1.1.x. No public exploit code or active exploitation has been identified at time of analysis, but the deprecated status and widespread use of Drupal installations increase real-world risk exposure.

Authentication Bypass File Access Fix Deprecated
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Forceful browsing via incorrect authorization in Drupal File Access Fix (deprecated) module versions prior to 1.2.0 allows unauthenticated remote attackers to access files without proper access control checks. The vulnerability stems from CWE-863 (Incorrect Authorization) and affects all versions from 0.0.0 through 1.2.0. No public exploit code or active exploitation has been confirmed at the time of analysis, but the straightforward nature of authorization bypass attacks in file access contexts presents moderate real-world risk to installations still running deprecated versions of this module.

Authentication Bypass File Access Fix Deprecated
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy