Skip to main content

Theme Negotiation By Rules

1 CVEs product

Monthly

CVE-2026-3211 PHP MEDIUM PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal Theme Negotiation by Rules module, affecting all versions from 0.0.0 before 1.2.1. An attacker can exploit this flaw to perform unauthorized actions on behalf of authenticated users by crafting malicious requests that bypass CSRF protections in the theme negotiation functionality. The vulnerability has been officially documented by the Drupal security team via SA-contrib-2026-012, and users of this contrib module should prioritize patching to version 1.2.1 or later.

CSRF Theme Negotiation By Rules
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal Theme Negotiation by Rules module, affecting all versions from 0.0.0 before 1.2.1. An attacker can exploit this flaw to perform unauthorized actions on behalf of authenticated users by crafting malicious requests that bypass CSRF protections in the theme negotiation functionality. The vulnerability has been officially documented by the Drupal security team via SA-contrib-2026-012, and users of this contrib module should prioritize patching to version 1.2.1 or later.

CSRF Theme Negotiation By Rules
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy