Primary

Context

Drupal File Access Fix Incorrect Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

A vulnerability allowing access bypass has been identified in the Drupal File Access Fix (deprecated) module, affecting versions prior to 1.2.0. This issue arises because the module does not properly consider the results of hook_file_download when implemented by custom or contributed modules, leading to unauthorized access to files.

Impact

Exploitation of this vulnerability allows for forceful browsing, where users can bypass access controls to files, potentially leading to unauthorized file access.

Remediation

Users are advised to upgrade to File Access Fix version 8.x-1.2.

Added: Mar 26, 2026, 9:57 PM

Updated: Mar 26, 2026, 9:57 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal File Access Fix Incorrect Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating