CVE-2026-8495: Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
Published May 19, 2026
·Updated
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.
Affected Software
2 affected components
Drupal Date iCal>=0.0.0<4.0.15
Date Ical Project Date Ical Drupal<4.0.15
Event History
May 19, 2026
CVE Published
via MITRE·10:29 PM
Data Sourced
via MITRE·10:29 PM
DescriptionWeakness
Data Sourced
via NVD·11:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-8495?
CVE-2026-8495 is classified as a critical vulnerability due to its potential for information disclosure.
2
How do I fix CVE-2026-8495?
To mitigate CVE-2026-8495, upgrade the Date iCal module to version 4.0.15 or later.
3
What products are affected by CVE-2026-8495?
CVE-2026-8495 affects the Drupal Date iCal module versions from 0.0.0 before 4.0.15.
4
What type of vulnerability is CVE-2026-8495?
CVE-2026-8495 is an information disclosure vulnerability caused by missing authorization.
5
What is forceful browsing in the context of CVE-2026-8495?
Forceful browsing in CVE-2026-8495 refers to an attack method that allows unauthorized access to resources.