CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

CVE-2026-8495

The Date iCal Drupal module (Date iCal) is affected by a Missing Authorization vulnerability that allows forceful browsing. Affected versions are 0.0.0 through 4.0.14, with exploitation stemming from insufficient access checks and input sanitization in the iCal feed export functionality, which ex...