Bug 2451928 (CVE-2026-3527)
| Summary: | CVE-2026-3527 AJAX Dashboard: Drupal: Drupal AJAX Dashboard: Unauthorized access via missing authentication | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Drupal AJAX Dashboard. This vulnerability stems from missing authentication for critical functions, allowing an attacker to exploit incorrectly configured access control security levels. This could lead to unauthorized access to sensitive data or functions within the dashboard.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2451960, 2451959 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-26 21:02:14 UTC
|