{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3211", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-02-25T16:59:25.803Z", "datePublished": "2026-03-25T15:21:53.456Z", "dateUpdated": "2026-03-26T14:36:19.903Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:21:53.456Z"}, "title": "Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012", "datePublic": "2026-02-25T18:44:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "Drupal", "product": "Theme Negotiation by Rules", "collectionURL": "https://www.drupal.org/project/theme_rule", "repo": "https://git.drupalcode.org/project/theme_rule", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.<p>This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-012"}], "credits": [{"lang": "en", "value": "Juraj Nemec (poker10)", "type": "finder"}, {"lang": "en", "value": "Zoltan Attila Horvath (huzooka)", "type": "remediation developer"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "remediation developer"}, {"lang": "en", "value": "Damien McKenna (damienmckenna)", "type": "coordinator"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}, {"lang": "en", "value": "Jess (xjm)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:01:50.080840Z", "id": "CVE-2026-3211", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:36:19.903Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3211", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:01:50.080840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:02:11.416Z"}}], "cna": {"title": "Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "remediation developer", "value": "Zoltan Attila Horvath (huzooka)"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/theme_rule", "vendor": "Drupal", "product": "Theme Negotiation by Rules", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.2.1", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/theme_rule", "defaultStatus": "unaffected"}], "datePublic": "2026-02-25T18:44:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-012"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.<p>This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:21:53.456Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3211", "state": "PUBLISHED", "dateUpdated": "2026-03-26T14:36:19.903Z", "dateReserved": "2026-02-25T16:59:25.803Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-25T15:21:53.456Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webikon:theme_negotiation_by_rules:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "F3441E70-ABC2-4D30-8BA6-7C7EC8490466", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Drupal Theme Negotiation by Rules permite la falsificaci\u00f3n de petici\u00f3n en sitios cruzados. Este problema afecta a Theme Negotiation by Rules: desde 0.0.0 antes de 1.2.1."}], "id": "CVE-2026-3211", "lastModified": "2026-03-31T19:23:14.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T16:16:22.080", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-012"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,1.2.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Theme Negotiation by Rules", "source": "cna", "vendor": "Drupal"}, "product": "theme_negotiation_by_rules", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-01T05:48:17.321178+00:00", "value": {"mitigation_remediation": ["Update the Theme Negotiation by Rules module to version 1.2.1 or later, which removes the CSRF flaw.", "Ensure that all forms on the site include the required CSRF tokens and that Drupal\u2019s built\u2011in CSRF protections are enabled.", "Audit user activity for unexpected state\u2011changing requests that may indicate a CSRF attack.", "If the module cannot be updated immediately, disable it or restrict its access to trusted administrators until a patch is applied."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in Drupal installations that use the contributed module Theme Negotiation by Rules. All releases from version 0.0.0 up to, but not including, 1.2.1 are affected. The issue does not involve core Drupal code.", "description_and_impact": "Theme Negotiation by Rules contains a Cross\u2011Site Request Forgery weakness that lets an attacker craft requests that are executed by a logged\u2011in user\u2019s browser. Because the module does not validate the origin of submitted forms, a malicious site can trigger privileged actions on the Drupal site, such as changing theme settings or other configuration data. This flaw is classified as CWE\u2011352.", "risk_and_exploitability": "The advisory assigns a CVSS score of 4.3, indicating moderate severity, and an EPSS score of less than 1%, implying a low current exploitation probability. This flaw is not listed in the CISA KEV catalog, so no active weaponized attacks are reported. An attacker would need to entice a legitimate user to load a malicious page that submits a forged request, a common CSRF scenario. Consequently, any site that uses the affected module should treat the risk as moderate and address it promptly."}}}}, "created": "2026-03-25T21:31:04.559489+00:00", "updated": "2026-04-02T07:59:13.825907+00:00", "vendors": ["drupal", "drupal$PRODUCT$theme_negotiation_by_rules"]}