CVE-2026-3573
Received Received - Intake
Incorrect Authorization in Drupal AI Enables Resource Injection

Publication date: 2026-03-26

Last updated on: 2026-03-31

Assigner: Drupal.org

Description
Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3573
EUVD
EUVD-2026-16391
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
artificial_intelligence_project artificial_intelligence to 1.1.11 (exc)
artificial_intelligence_project artificial_intelligence From 1.2.0 (inc) to 1.2.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Incorrect Authorization issue in the Drupal AI (Artificial Intelligence) module. It allows Resource Injection, meaning unauthorized users might be able to inject or manipulate resources within the system. The affected versions are from 0.0.0 before 1.1.11 and from 1.2.0 before 1.2.12.

Impact Analysis

The vulnerability could allow unauthorized access or manipulation of resources in the Drupal AI module, potentially leading to unauthorized actions or data manipulation within the affected system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart