CVE-2026-3573

CVE-2026-3573: AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Vendor: Drupal
Product: AI (Artificial Intelligence)
Weakness: CWE-863 · Incorrect authorization
Published: March 26, 2026
Last update: March 30, 2026

What the vulnerability does

01 Description

Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.

Explanation of Vulnerability in Simple Terms

02 Summary

The AI module for Drupal contains an authorization flaw in versions before 1.1.11 and in 1.2.x versions before 1.2.12. An attacker with insufficient permissions may be able to perform actions they should not have access to. The exact scope of unauthorized actions depends on how the module enforces role-based access controls. Update to version 1.1.11 or later to resolve this issue; sites on the 1.2.x branch need 1.2.12 or later, because 1.2.0 through 1.2.11 are also affected.
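The two affected ranges in the description can be checked against an inventory of installed module versions. The following is an added example, not code from the advisory or the Drupal project; the site names and versions in the sample inventory are constructed, and the choice to report pre-release and dev strings as "unknown" is an assumption of this example.

```python
import re

# Affected ranges from the description above, as [first affected, first fixed).
AFFECTED_RANGES = [
    ((0, 0, 0), (1, 1, 11)),
    ((1, 2, 0), (1, 2, 12)),
]

_STABLE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_stable(version):
    """Return (major, minor, patch) for a plain X.Y.Z string, else None."""
    match = _STABLE.match(version.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version):
    """Return (status, first fixed release of that branch or None)."""
    parsed = parse_stable(version)
    if parsed is None:
        # Dev snapshots and pre-releases (1.2.x-dev, 1.2.12-rc1) cannot be
        # placed in the ranges with certainty, so flag them for manual review.
        return ("unknown", None)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= parsed < first_fixed:
            return ("affected", ".".join(str(n) for n in first_fixed))
    return ("not-affected", None)


def audit(inventory):
    """Map each site in {site: installed version} to its classify() result."""
    return {site: classify(version) for site, version in inventory.items()}


# Constructed inventory: hypothetical site names and installed versions.
SAMPLE_INVENTORY = {
    "intranet": "1.0.7",
    "marketing": "1.1.11",
    "docs": "1.2.5",
    "shop": "1.2.12",
    "staging": "1.2.x-dev",
}

if __name__ == "__main__":
    for site, (status, target) in audit(SAMPLE_INVENTORY).items():
        print(f"{site:10} {status:13} fix: {target or '-'}")
```

A 1.2.5 install is numerically newer than 1.1.11 but still falls in the second range, which is why the check is per range rather than a single minimum version.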

What an attacker can do

03 Attacker Capabilities

Perform actions or access resources they should not have permission to based on their user role.

Potential impact on your site

04 Site Impact

Unauthorized users may bypass intended access restrictions on AI module features or data.

Conditions required to exploit

05 Prerequisites

Access to a Drupal site running the vulnerable AI module; specific privilege level unknown.

Key dates

06 Disclosure timeline

March 26, 2026: CVE published
March 30, 2026: Record updated
