Drupal Automated Logout Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal Automated Logout module, specifically in versions prior to 1.7.0 and in the 2.0.0 series up to but not including 2.0.2. This vulnerability allows the logout route to be activated without user interaction, as the module does not adequately protect its routes from CSRF attacks.
Impact
Exploiting this vulnerability lets an attacker trick a user into performing actions they did not intend, such as logging out of a session.
Remediation
Users of the Automated Logout module should upgrade to version 1.7.0 or version 2.0.2. Instructions for downloading the latest version are available on the Drupal project page for Automated Logout.
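To triage a site against the affected ranges above, the following added example (not part of the advisory or the module's code) reads a `composer.lock` and reports whether the installed module version is vulnerable. The Composer package name `drupal/autologout` and the sample lock contents are assumptions made for the example.

```python
import json
import re

# Affected ranges as stated in the advisory: < 1.7.0, and 2.0.0 <= v < 2.0.2.
FIXED_1X = (1, 7, 0)
FIRST_2X = (2, 0, 0)
FIXED_2X = (2, 0, 2)
PACKAGE = "drupal/autologout"  # assumed Composer name of the module


def parse_version(raw):
    """Turn '1.6.0', 'v2.0.1', '8.x-1.4' or '2.0.1-rc1' into a 3-tuple of ints.

    Suffixes such as -rc1 are ignored, so review pre-releases of the fixed
    versions by hand. Dev branches (e.g. 'dev-2.0.x') raise ValueError.
    """
    v = raw.strip().lstrip("v")
    v = re.sub(r"^\d+\.x-", "", v)  # legacy Drupal core prefix, e.g. 8.x-1.4
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version: {raw!r}")
    return tuple(int(p or 0) for p in m.groups())


def is_affected(raw):
    """True when the version falls in a range the advisory lists as vulnerable."""
    v = parse_version(raw)
    return v < FIXED_1X or FIRST_2X <= v < FIXED_2X


def check_lock(lock_text):
    """Return (version, affected) for the module in a composer.lock, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], is_affected(pkg["version"])
    return None


SAMPLE_LOCK = json.dumps({  # constructed sample, not from a real site
    "packages": [
        {"name": "drupal/core", "version": "10.2.3"},
        {"name": "drupal/autologout", "version": "2.0.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```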
