CVE-2026-4393

CVE-2026-4393: Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Vendor: Drupal
Product: Automated Logout
Weakness: CWE-352 · CSRF
Published: March 26, 2026
Last update: March 30, 2026

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.

Explanation of Vulnerability in Simple Terms

02 Summary

The Automated Logout module for Drupal contains a cross-site request forgery (CSRF) vulnerability in versions before 1.7.0, and in versions from 2.0.0 before 2.0.2. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, triggers unintended actions on the site. Update to version 1.7.0 or later to patch this issue; sites running a 2.0.x release need 2.0.2 or later, since 2.0.0 and 2.0.1 are also affected.

What an attacker can do

03 Attacker Capabilities

Trick a logged-in admin into performing unintended actions via a malicious link or page.

Potential impact on your site

04 Site Impact

An attacker can perform unauthorized actions as an admin if they trick an admin into clicking a link.

Conditions required to exploit

05 Prerequisites

The victim must be logged in and click a malicious link or visit an attacker-controlled page.

Key dates

06 Disclosure timeline

March 26, 2026: CVE published
March 30, 2026: Record updated