[CIVN-2026-0237] Multiple Vulnerabilities in Drupal Plugins

Published On: May 17, 2026

Indian Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

    Drupal Date iCal module versions prior to 4.0.15
    Drupal Colorbox Inline module versions prior to 2.1.1
    Drupal Node View Permissions module versions prior to 2.0.1
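
A version check for the three modules listed above, as an added example that is not part of the CERT-In advisory: it reads a site's composer.lock and compares each installed version with the fixed one. The Composer package names (drupal/date_ical, drupal/colorbox_inline, drupal/node_view_permissions) and the sample lock contents are assumptions.

```python
import json
import re

# Fixed versions from the "Software Affected" list. The Composer package
# names are assumptions: the advisory names the modules, not their packages.
FIXED = {
    "drupal/date_ical": (4, 0, 15),
    "drupal/colorbox_inline": (2, 1, 1),
    "drupal/node_view_permissions": (2, 0, 1),
}

def parse_version(text):
    """Return (major, minor, patch) for a stable release, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def audit(lock_text):
    """Return sorted (package, installed, status) for each listed module."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    findings = []
    for pkg in packages:
        name = pkg.get("name", "").lower()
        if name not in FIXED:
            continue
        installed = pkg.get("version", "")
        parsed = parse_version(installed)
        if parsed is None:
            status = "review"      # dev branch or pre-release: check by hand
        elif parsed < FIXED[name]:
            status = "vulnerable"  # prior to the fixed release
        else:
            status = "ok"
        findings.append((name, installed, status))
    return sorted(findings)

# Constructed sample composer.lock content, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "10.3.1"},
    {"name": "drupal/date_ical", "version": "4.0.14"},
    {"name": "drupal/colorbox_inline", "version": "2.1.1"},
    {"name": "drupal/node_view_permissions", "version": "2.0.x-dev"},
]})

if __name__ == "__main__":
    for name, installed, status in audit(SAMPLE_LOCK):
        fixed = ".".join(map(str, FIXED[name]))
        print(f"{name:30} {installed:10} fixed in {fixed:7} {status}")
```

To audit a real site, pass the contents of its composer.lock to audit() in place of SAMPLE_LOCK.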

Overview

Multiple vulnerabilities have been reported in Drupal modules, which could be exploited by an attacker to disclose sensitive information, bypass security restrictions and perform cross-site scripting attacks on the targeted system.

Target Audience:
Individuals and end-user organizations using Drupal Modules.

Risk Assessment:
High risk of unauthorized access, information disclosure and website compromise.

Impact Assessment:
Potential for data theft and system compromise.

Description

Drupal is an open-source content management system (CMS) which allows individuals and organizations to create, manage and maintain websites and web applications.

These vulnerabilities exist in the Drupal modules due to improper access control, insufficient validation of entity and field permissions and improper sanitization of user-supplied input.

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, bypass security restrictions and perform cross-site scripting attacks on the targeted system.

Solution

Apply appropriate updates as mentioned:
https://www.drupal.org/sa-contrib-2026-036
https://www.drupal.org/sa-contrib-2026-034
https://www.drupal.org/sa-contrib-2026-037

Vendor Information

Drupal
https://www.drupal.org/sa-contrib-2026-036
https://www.drupal.org/sa-contrib-2026-034
https://www.drupal.org/sa-contrib-2026-037

CVE Name
CVE-2026-8491
CVE-2026-8493
CVE-2026-8495

Thanks and Regards,
CERT-In

Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
