What the vulnerability does
01Description
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0.
Explanation of Vulnerability in Simple Terms
02Summary
A missing authentication check in the AJAX Dashboard module for Drupal allows unauthenticated users to access sensitive dashboard functionality. The vulnerability affects all versions before 3.1.0. Site administrators should update immediately to version 3.1.0 or later to prevent unauthorized access to dashboard data and operations.
What an attacker can do
03Attacker Capabilities
Access dashboard functionality and data without logging in.
Potential impact on your site
04Site Impact
Unauthorized users can view and potentially modify dashboard data and settings.
Conditions required to exploit
05Prerequisites
Network access to the Drupal site; no authentication required.
Key dates
06Disclosure timeline
March 26, 2026
CVE published
March 27, 2026
Record updated