Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-8495: Drupal Module Exposes iCal Feeds to Unauthorized Users
DRUPAL-CONTRIB-2026-037
CVE-2026-8495
Summary
A module in Drupal allows anyone to access sensitive date fields without permission. This could allow unauthorized users to view or manipulate sensitive information. Update the module to ensure it properly checks access and sanitizes user inputs.
What to do
- Update drupal drupal/date_ical to version 4.0.15.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Packagist:https://packages.drupal.org/8 | drupal | drupal/date_ical |
< 4.0.15 Fix: upgrade to 4.0.15
|
Original title
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing.
This issue affects Date iCal: from 0.0.0 before 4.0.15.
Original description
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing.
This issue affects Date iCal: from 0.0.0 before 4.0.15.
This issue affects Date iCal: from 0.0.0 before 4.0.15.
Vulnerability type
CWE-862
Missing Authorization
Published: 19 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026