Bug 2451940 (CVE-2026-3573)

Summary: CVE-2026-3573 drupal: ai: Drupal AI: Resource Injection due to Incorrect Authorization
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Drupal AI (Artificial Intelligence). An incorrect authorization vulnerability allows for resource injection. This issue enables an attacker to inject unauthorized resources, potentially leading to unintended system behavior or compromise.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2451972, 2451971    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-26 21:03:02 UTC
Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.