Missing Authentication Vulnerability in Drupal AJAX Dashboard by Drupal
CVE-2026-3527

Currently unrated

Key Information:

Vendor: Drupal
Status: Ajax Dashboard
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-3527?

A vulnerability in the AJAX Dashboard component of Drupal allows unauthorized users to exploit incorrectly configured access control settings. This may enable them to access sensitive functionalities without proper authentication. Versions from 0.0.0 up to 3.1.0 are affected, making it imperative for users to review their access controls and apply necessary updates to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AJAX Dashboard 0.0.0 < 3.1.0

References

https://www.drupal.org/sa-contrib-2026-022

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Juraj Nemec (poker10)

Michael Nolan (laboratory.mike)

Bram Driesen (bramdriesen)

Greg Knaddison (greggles)