Auth bypass in Drupal File Access Fix (Deprecated)
CVE-2026-3525
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0.
Vulnerability class: Broken Access Control
EPSS: 0.000 (14.0th percentile) — read the EPSS interpretation.
Affected products
- Drupal File Access Fix (Deprecated) — versions 0.0.0