CVE-2026-3573 PUBLISHED

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Assigner: drupal
Reserved: 04.03.2026 Published: 26.03.2026 Updated: 26.03.2026

Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.

Product Status

Vendor	Drupal
Product	AI (Artificial Intelligence)
Versions	Default: unaffected affected from 0.0.0 to 1.1.11 (excl.) affected from 1.2.0 to 1.2.12 (excl.)

Credits

Marcus Johansson (marcus_johansson) finder
Artem Dmitriiev (a.dmitriiev) remediation developer
Abhisek Mazumdar (abhisekmazumdar) remediation developer
Dave Long (longwave) remediation developer
Marcus Johansson (marcus_johansson) remediation developer
Valery Lourie (valthebald) remediation developer
Greg Knaddison (greggles) coordinator
Drew Webber (mcdruid) coordinator
Jess (xjm) coordinator

References

https://www.drupal.org/sa-contrib-2026-028

Problem Types

CWE-863 Incorrect Authorization CWE

Impacts

CAPEC-240 Resource Injection