Vulnerability in Drupal Captcha

CVE-2026-3214

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

Affected products

Drupal Captcha — versions 0.0.0, 2.0.0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

www.drupal.org/sa-contrib-2026-015