CVE-2026-8492

CVE-2026-8492: Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035

Vendor Drupal
Product Translate Drupal with GTranslate
Weakness CWE-471
Published May 19, 2026
Last update May 20, 2026

CVSS base score

What the vulnerability does

01Description

Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5.

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability exists in the Translate Drupal with GTranslate module affecting versions before 3.0.5. The exact nature of the vulnerability cannot be determined from available metadata, as the CVSS score, vector, and detailed CWE classification are not provided. Site administrators should update to version 3.0.5 or later immediately.

What an attacker can do

03Attacker Capabilities

Unknown; insufficient technical metadata to determine attack capability.

Potential impact on your site

04Site Impact

Update the Translate Drupal with GTranslate module to version 3.0.5 or later to address this vulnerability.

Conditions required to exploit

05Prerequisites

Unknown; insufficient technical metadata to determine requirements.

Key dates

06Disclosure timeline

May 19, 2026 CVE published
May 20, 2026 Record updated