CVE-2026-3573
Received
Received - Intake
Incorrect Authorization in Drupal AI Enables Resource Injection
Publication date: 2026-03-26
Last updated on: 2026-03-31
Assigner: Drupal.org
Description
Description
Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artificial_intelligence_project | artificial_intelligence | to 1.1.11 (exc) |
| artificial_intelligence_project | artificial_intelligence | From 1.2.0 (inc) to 1.2.12 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization issue in the Drupal AI (Artificial Intelligence) module. It allows Resource Injection, meaning unauthorized users might be able to inject or manipulate resources within the system. The affected versions are from 0.0.0 before 1.1.11 and from 1.2.0 before 1.2.12.
How can this vulnerability impact me? :
The vulnerability could allow unauthorized access or manipulation of resources in the Drupal AI module, potentially leading to unauthorized actions or data manipulation within the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70