Medium severity6.5NVD Advisory· Published Mar 25, 2026· Updated Apr 2, 2026
CVE-2026-3214
CVE-2026-3214
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.drupal.org/sa-contrib-2026-015nvdVendor Advisory
News mentions
24- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)Wordfence Blog · May 14, 2026
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt StrikeThe Hacker News · May 14, 2026
- Why we use CAPTCHAs, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026
- Australian Cyber Security Centre Issues Alert Over ClickFix AttacksInfosecurity Magazine · May 8, 2026
- One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskThe Hacker News · May 8, 2026
- Australia warns of ClickFix attacks pushing Vidar Stealer malwareBleepingComputer · May 7, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- Microsoft Flags Mass Phishing Campaign Using Fake Compliance EmailsInfosecurity Magazine · May 5, 2026
- Microsoft Warns of Sophisticated Phishing Campaign Targeting US OrganizationsSecurityWeek · May 5, 2026
- Microsoft: Phishing campaign used fake compliance notices to compromise employee accountsHelp Net Security · May 5, 2026
- Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 CountriesThe Hacker News · May 5, 2026
- ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & MoreThe Hacker News · May 4, 2026
- Critical cPanel Vulnerability Weaponized to Target Government and MSP NetworksThe Hacker News · May 4, 2026
- A week in security (April 27 – May 3)Malwarebytes Labs · May 4, 2026
- 30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignThe Hacker News · May 1, 2026
- Fake CAPTCHA scam turns a quick click into a costly phone billMalwarebytes Labs · Apr 28, 2026
- Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto FraudThe Hacker News · Apr 27, 2026
- It pays to be a forever studentCisco Talos Intelligence · Apr 23, 2026
- Moving past bots vs. humansCloudflare Blog · Apr 21, 2026
- The n8n n8mare: How threat actors are misusing AI workflow automationCisco Talos Intelligence · Apr 15, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)Wordfence Blog · Apr 2, 2026
- New Venom Stealer MaaS Platform Automates Continuous Data TheftInfosecurity Magazine · Apr 1, 2026
- 30th March – Threat Intelligence ReportCheck Point Research · Mar 30, 2026
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer CampaignInfosecurity Magazine · Mar 11, 2026