Known vulnerabilities affecting Drupal products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-4933 | Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0. | 7.5 | 450 | Neutral | No | Yes |
| CVE-2026-4393 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2. | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-3573 | Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.... | 7.5 | 450 | Neutral | No | Yes |
| CVE-2026-3532 | Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | 4.2 | 98 | Neutral | No | Yes |
| CVE-2026-3531 | This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a ne... | 6.5 | 209 | Neutral | No | Yes |
| CVE-2026-3530 | This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a ne... | 4.3 | 228 | Neutral | No | Yes |
| CVE-2026-3529 | The Google Analytics GA4 module enables users to add custom attributes to the script tag used to load the Google Analytics library. The module does not sufficiently sanitize these attributes. This vul... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-3528 | This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate ... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-3527 | AJAX Dashboard: Entity Dashboards enables you to create configurable dashboards attached to entities which include AJAX-reloading of a main content area based on inputs from a configurable set of butt... | 6.5 | 344 | Neutral | No | Yes |
| CVE-2026-3526 | This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an en... | 5.3 | 188 | Neutral | No | Yes |
| CVE-2026-3525 | This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hook_file_download when a custom or cont... | 5.3 | 188 | Neutral | No | Yes |
| CVE-2026-3218 | This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting (XSS) vulne... | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-3217 | This module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting (XSS) vul... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-3216 | This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on a... | 5.0 | 239 | Neutral | No | Yes |
| CVE-2026-3215 | This module integrates with Islandora, an open-source digital asset management (DAM) framework. Islandora integrates with various open-source services, which can be run in a distributed environment. T... | 5.4 | 223 | Neutral | No | Yes |
| CVE-2026-3214 | This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which ... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-3213 | This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting (XSS) vulnerability. This vulnerability is mitigated ... | 4.7 | 211 | Neutral | No | Yes |
| CVE-2026-3212 | This module integrates the Tagify JavaScript library to enhance taxonomy entity reference widgets. The module does not sufficiently sanitise user-supplied input before rendering it inside JavaScript t... | 5.4 | 223 | Neutral | No | Yes |
| CVE-2026-3211 | This module allows site builders to create so-called "theme_rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module u... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-3210 | This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios. | 5.3 | 188 | Neutral | No | Yes |