Platform: drupal
Component: drupal
Fixed in: 1.2.1, 1.2.2
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal Theme Negotiation by Rules module, affecting versions prior to 1.2.1. An attacker who lures an authenticated, privileged user onto a page they control can make that user's browser send a state-changing request to the site; the browser attaches the victim's session cookie automatically, so the request executes with the victim's permissions and can modify the site's configuration or data without the victim intending it. The vulnerability was published on 2026-03-25; the fixed releases are 1.2.1 and 1.2.2.
Because the forged request is indistinguishable from a legitimate one at the session layer, an attacker could use it to change the module's theme negotiation rules, altering which theme the site applies to a request or where users are sent. Plausible outcomes are defacement or redirection of visitors to attacker-controlled sites. Code execution is not a direct consequence of this flaw on its own; it would require chaining with a separate vulnerability. Every user whose role can administer these rules is a viable target, since the attacker borrows that user's privileges for the duration of the forged request and needs no credentials of their own.
This vulnerability is currently not known to be actively exploited. It was publicly disclosed on 2026-03-25. No public proof-of-concept exploits are currently available. The vulnerability has not been added to the CISA KEV catalog.
Exploit Status
EPSS: 0.02% (4th percentile)
CVSS Vector
The primary mitigation for CVE-2026-3211 is to upgrade the Theme Negotiation by Rules module to version 1.2.1 or later. Note that input validation and output encoding do not address CSRF: the attack does not rely on malformed input but on the browser attaching the victim's session cookie to a request the victim never meant to send. If upgrading is not immediately possible, reduce exposure by restricting the permissions that administer the module's rules to as few trusted accounts as practical, and make sure any custom code exposing similar state-changing endpoints requires a CSRF token (in Drupal, a `_csrf_token: 'TRUE'` requirement on the route in routing.yml, or a Form API form, whose submissions are token-protected). After upgrading, confirm the fix by replaying the state-changing request from a fresh session without a valid token and verifying that Drupal rejects it with HTTP 403.
Update the Theme Negotiation by Rules module to version 1.2.1 or later, which fixes the CSRF vulnerability. The release is available from the project page on drupal.org or via Composer.
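To show why the token-based fix closes the hole, the following is an editor-added Python model (not code from the module, and not Drupal core's own implementation) of the per-session, route-bound CSRF token that Drupal issues for routes declaring `_csrf_token: 'TRUE'` and verifies in its CSRF access check. The site secrets, sessions and route paths are constructed for the example.

```python
"""
Model of Drupal's per-session, route-bound CSRF token scheme.

Editor-added example; not the Theme Negotiation by Rules module's code
and not Drupal core's code. It mirrors the shape of Drupal's scheme:
the token is an HMAC over the route path, keyed with a random per-session
seed plus site-wide secrets, so a token is useless outside the session
that minted it and outside the path it was minted for. All secrets,
sessions and route paths below are constructed for the demonstration.
"""
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Site-wide secrets (constructed stand-ins for Drupal's private key and hash salt).
PRIVATE_KEY = "site-private-key-constructed"
HASH_SALT = "site-hash-salt-constructed"


class Session:
    """A logged-in user's session. Drupal stores a random seed in the session
    the first time a CSRF token is needed; nobody outside the session can read it."""

    def __init__(self, user: str) -> None:
        self.user = user
        self.seed = secrets.token_hex(16)


def csrf_token(session: Session, value: str) -> str:
    """Token = base64url(HMAC-SHA256(key = seed + private_key + hash_salt, msg = value)),
    without padding. `value` is the route path the token is bound to."""
    key = (session.seed + PRIVATE_KEY + HASH_SALT).encode()
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def csrf_access(session: Session, route_path: str, request_token: Optional[str]) -> bool:
    """Modeled access check: the `token` query parameter must equal the token for
    the same route path in the same session. A missing token, a token minted in
    another session, or a token for another path is rejected. Constant-time compare."""
    if request_token is None:
        return False
    expected = csrf_token(session, route_path.lstrip("/"))
    return hmac.compare_digest(expected, request_token)


def demo() -> dict:
    """Run the four cases a practitioner cares about and return the access decisions."""
    victim = Session("admin")
    attacker = Session("attacker")
    # Constructed route paths; not the module's real routes.
    disable_route = "/admin/config/example/theme-rules/1/disable"
    edit_route = "/admin/config/example/theme-rules/1/edit"

    legit_token = csrf_token(victim, disable_route.lstrip("/"))
    return {
        # The forged cross-site request: the victim's cookies ride along, no token does.
        "forged_no_token": csrf_access(victim, disable_route, None),
        # Attacker mints a token in their own session and embeds it in the forged link.
        "forged_attacker_token": csrf_access(
            victim, disable_route, csrf_token(attacker, disable_route.lstrip("/"))
        ),
        # A token the victim legitimately obtained for a different route does not transfer.
        "cross_route_token": csrf_access(
            victim, disable_route, csrf_token(victim, edit_route.lstrip("/"))
        ),
        # The link the site itself rendered inside the victim's session.
        "legit": csrf_access(victim, disable_route, legit_token),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:24s} -> {'allowed' if allowed else 'denied (403)'}")
```

The model makes the two properties of the fix concrete: a forged request can carry the victim's cookies but never a valid token, because the attacker cannot read the victim's session seed, and even a token that leaks for one route does not authorise a different one. On a real site the equivalent check is to replay the module's state-changing request without the `token` query parameter and confirm a 403.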
CVE-2026-3211 is a Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Theme Negotiation by Rules module that lets an attacker cause an authenticated user's browser to perform actions the user did not intend.
You are affected if you are running Drupal Theme Negotiation by Rules versions prior to 1.2.1. Upgrade to 1.2.1 or later to mitigate the risk.
Upgrade Drupal Theme Negotiation by Rules to version 1.2.1 or later. Consider implementing CSRF protection mechanisms if immediate upgrade is not possible.
Currently, there are no reports of CVE-2026-3211 being actively exploited, but it is important to apply the patch promptly.
Refer to the official Drupal security advisory for detailed information and updates regarding CVE-2026-3211.