CVE-2026-3210

CVE-2026-3210: Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Vendor Drupal
Product Material Icons
Weakness CWE-863 · Incorrect authorization
Published March 25, 2026
Last update March 26, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.

Explanation of Vulnerability in Simple Terms

02Summary

The Material Icons module for Drupal contains an authorization flaw that allows users to perform actions they should not be permitted to do. The vulnerability affects versions before 2.0.4. Site administrators should update to version 2.0.4 or later to resolve the issue.

What an attacker can do

03Attacker Capabilities

Perform unauthorized actions within the Material Icons module based on incorrect permission checks.

Potential impact on your site

04Site Impact

Users may gain unintended access to Material Icons features or data depending on their role.

Conditions required to exploit

05Prerequisites

Access to a Drupal site running the affected Material Icons module.

Key dates

06Disclosure timeline

March 25, 2026 CVE published
March 26, 2026 Record updated

Related vulnerabilities

08Related CVE

CVE-2024-24774 Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) CVE-2024-26016 Apache Superset: Improper authorization validation on dashboards and charts import CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template CVE-2026-21289 Adobe Commerce | Incorrect Authorization (CWE-863) CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability