Missing Authentication Vulnerability in Drupal AJAX Dashboard by Drupal
CVE-2026-3527

Currently unrated

Key Information:

Vendor: Drupal
Status: Ajax Dashboard
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-3527?

A vulnerability in the AJAX Dashboard component of Drupal allows unauthorized users to exploit incorrectly configured access control settings. This may enable them to access sensitive functionalities without proper authentication. Versions from 0.0.0 up to 3.1.0 are affected, making it imperative for users to review their access controls and apply necessary updates to secure their installations.

Affected Version(s)

AJAX Dashboard 0.0.0 < 3.1.0

References

https://www.drupal.org/sa-contrib-2026-022

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Juraj Nemec (poker10)

Michael Nolan (laboratory.mike)

Bram Driesen (bramdriesen)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

CVE-2026-3527 Data

JSON