Drupal AI <1.1.11 & <1.2.12: Incorrect Auth Enables Resource Injection
CVE-2026-3573 Published on March 26, 2026
AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-3573 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-3573
Want to know whenever a new CVE is published for Drupal Artificial Intelligence? stack.watch will email you.
Affected Versions
Drupal AI (Artificial Intelligence):- Version 0.0.0 and below 1.1.11 is affected.
- Version 1.2.0 and below 1.2.12 is affected.