Missing Authorization in FlowDrop Affects Drupal Products
CVE-2026-58589

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-58589?

A missing authorization vulnerability in FlowDrop can potentially allow attackers to bypass security controls, leading to unauthenticated access to restricted areas of the application. This impacts users running FlowDrop versions from 0.0.0 to 1.6.0, enabling forceful browsing, which poses significant security risks.

Affected Version(s)

FlowDrop 0.0.0 < 1.6.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aincient Labs (aincient labs)
Shibin Das (d34dman)
Greg Knaddison (greggles)
Neil Drumm (drumm)
Juraj Nemec (poker10)
Dave Long (longwave)
.