High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Mar 31, 2026

CVE-2026-3573

Description

Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.

Affected products

Artificial Intelligence Project/Artificial Intelligence
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:*:*:*:*:*:drupal:*:*
Range: <1.1.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.drupal.org/sa-contrib-2026-028nvdVendor Advisory

News mentions

No linked articles in our index yet.

Severity

HighCVSS v3.1

7.5/ 10

Attack vector: Network
Complexity: Low
Privileges: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Probability of exploitation in the next 30 days.

0.06%

VYPR risk score

Composite of severity, exploitation, and reach.

0.49medium

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-863
Incorrect Authorization

CVE ID

CVE-2026-3573

Credits

MJ
Marcus Johansson (marcus_johansson)
finder
DW
Drew Webber (mcdruid)
coordinator
GK
Greg Knaddison (greggles)
coordinator
J(
Jess (xjm)
coordinator
AM
Abhisek Mazumdar (abhisekmazumdar)
remediation developer
AD
Artem Dmitriiev (a.dmitriiev)
remediation developer
DL
Dave Long (longwave)
remediation developer
MJ
Marcus Johansson (marcus_johansson)
remediation developer
VL
Valery Lourie (valthebald)
remediation developer