Missing Authorization Vulnerability in Drupal FlowDrop
CVE-2026-58590

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-58590?

The vulnerability in Drupal FlowDrop allows an attacker to perform forceful browsing due to insufficient authorization checks. This security flaw impacts versions 0.0.0 through 1.6.0, enabling unauthorized access to restricted functionalities. It is crucial for users of FlowDrop to review their application settings and implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

FlowDrop 0.0.0 < 1.6.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aincient Labs (aincient labs)
Shibin Das (d34dman)
Greg Knaddison (greggles)
Neil Drumm (drumm)
Juraj Nemec (poker10)
Dave Long (longwave)
.