{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3211", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-02-25T16:59:25.803Z", "datePublished": "2026-03-25T15:21:53.456Z", "dateUpdated": "2026-03-25T20:02:15.708Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:21:53.456Z"}, "title": "Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012", "datePublic": "2026-02-25T18:44:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "Drupal", "product": "Theme Negotiation by Rules", "collectionURL": "https://www.drupal.org/project/theme_rule", "repo": "https://git.drupalcode.org/project/theme_rule", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.<p>This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-012"}], "credits": [{"lang": "en", "value": "Juraj Nemec (poker10)", "type": "finder"}, {"lang": "en", "value": "Zoltan Attila Horvath (huzooka)", "type": "remediation developer"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "remediation developer"}, {"lang": "en", "value": "Damien McKenna (damienmckenna)", "type": "coordinator"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}, {"lang": "en", "value": "Jess (xjm)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:01:50.080840Z", "id": "CVE-2026-3211", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:02:15.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3211", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:01:50.080840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:02:11.416Z"}}], "cna": {"title": "Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "remediation developer", "value": "Zoltan Attila Horvath (huzooka)"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/theme_rule", "vendor": "Drupal", "product": "Theme Negotiation by Rules", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.2.1", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/theme_rule", "defaultStatus": "unaffected"}], "datePublic": "2026-02-25T18:44:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-012"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.<p>This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:21:53.456Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3211", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:02:15.708Z", "dateReserved": "2026-02-25T16:59:25.803Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-25T15:21:53.456Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1."}], "id": "CVE-2026-3211", "lastModified": "2026-03-25T20:16:34.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T16:16:22.080", "references": [{"source": "mlhess@drupal.org", "url": "https://www.drupal.org/sa-contrib-2026-012"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T16:22:30.759886+00:00", "value": {"mitigation_remediation": ["Update the Theme Negotiation by Rules module to version 1.2.1 or later.", "Confirm the upgrade and verify that the module\u2019s forms now include CSRF protection.", "If the upgrade cannot be applied immediately, disable or remove the module to prevent unauthorized actions.", "Monitor site logs for unexpected requests that may indicate an attempted CSRF attack."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "All installations of Theme Negotiation by Rules, from version 0.0.0 up to, but not including, 1.2.1, on Drupal content\u2011management systems are impacted.", "description_and_impact": "The Drupal Theme Negotiation by Rules module contains a flaw that permits malicious actors to forge requests on behalf of legitimate users. By exploiting the missing CSRF protection, an attacker can cause the application to execute privileged actions such as changing theme settings or other module\u2011specific operations, resulting in loss of data integrity and potential tampering.", "risk_and_exploitability": "The vulnerability is of moderate severity; CVSS scoring is not provided and there is no EPSS data. It is not listed in the CISA KEV catalog. Attackers can exploit the flaw by sending a crafted request from a malicious page while a logged\u2011in user visits, causing the site to perform a state\u2011changing action without the user\u2019s consent. No privileged escalation is required, so ordinary site visitors or account holders can be targets."}}}}, "created": "2026-03-25T21:31:04.559489+00:00", "updated": "2026-03-25T21:31:04.559558+00:00", "vendors": []}