CVE-2026-3216

CVE-2026-3216: Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Vendor Drupal

Product Drupal Canvas

Weakness CWE-918 · SSRF

Published March 25, 2026

Last update March 27, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

Key dates

Disclosure timeline

March 25, 2026 CVE published

March 27, 2026 Record updated