Auth bypass in Drupal Flowdrop

CVE-2026-58589

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References