Drupal Translate GTranslate <3.0.5 Resource Spoofing CVE-2026-8492
CVE-2026-8492 Published on May 19, 2026
Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035
Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing.
This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5.
Vulnerability Analysis
CVE-2026-8492 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is a MAID Vulnerability?
The software does not properly protect an assumed-immutable element from being modified by an attacker. This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.
CVE-2026-8492 has been classified to as a MAID vulnerability or weakness.
Products Associated with CVE-2026-8492
Want to know whenever a new CVE is published for Drupal? stack.watch will email you.
Affected Versions
Translate Drupal with GTranslate:- Version 0.0.0 and below 3.0.5 is affected.