Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.CreditsDrew Webber (mcdruid)Joël Pittet (joelpittet)Greg Knaddison (greggles)Dave Long (longwave)Juraj Nemec (poker10)Drew Webber (mcdruid)Referenceshttps://www.drupal.org/sa-contrib-2026-037
