Auth bypass in Drupal Ajax Dashboard

CVE-2026-3527

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0.

Vulnerability class: Broken Authentication

EPSS: 0.000 (3.4th percentile) — read the EPSS interpretation.

Affected products

Drupal Ajax Dashboard — versions 0.0.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

www.drupal.org/sa-contrib-2026-022