Auth bypass in Drupal Flowdrop
CVE-2026-58589
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.
Vulnerability class: Broken Access Control
Affected products
- Drupal Flowdrop — versions 0.0.0