CVE-2026-3527 PUBLISHED

AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022

Assigner: drupal
Reserved: 04.03.2026 Published: 26.03.2026 Updated: 26.03.2026

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0.

Product Status

Vendor Drupal
Product AJAX Dashboard
Versions Default: unaffected
  • affected from 0.0.0 to 3.1.0 (excl.)

Credits

  • Juraj Nemec (poker10) finder
  • Michael Nolan (laboratory.mike) remediation developer
  • Bram Driesen (bramdriesen) coordinator
  • Greg Knaddison (greggles) coordinator
  • Juraj Nemec (poker10) coordinator

Problem Types

  • CWE-306 Missing Authentication for Critical Function

Impacts

  • CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels