Discussion on "SA-CONTRIB-2026-012: Theme Negotiation by Rules CSRF — GET Requests That Mutate State"

victorstackAI · 2026-03-10T19:08:20.025Z

On February 25, 2026, Drupal published SA-CONTRIB-2026-012 for Theme Negotiation by Rules (drupal/theme_rule), tracked as CVE-2026-3211. The vulnerability: enable/disable actions for theme rules fire through GET requests. No CSRF token required. 🚨 ...

Discussion on "SA-CONTRIB-2026-012: Theme Negotiation by Rules CSRF — GET Requests That Mutate State" | Hashnode

Search Hashnode

SA-CONTRIB-2026-012: Theme Negotiation by Rules CSRF — GET Requests That Mutate State

Responses