High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-3573
High
Low
Medium
High
Critical
7.5
CVSS Score
Vulnerability Description
Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
N
Availability
N
Known Affected Software
19 configuration(s) from 1 vendor(s)
artificial_intelligence
Version:
1.2.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.3:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.1.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.1:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.5
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.5:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.6
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.6:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.1:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.4
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.4:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.1.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.2:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.2.6
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.6:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.3:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.1.4
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.4:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.1.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.3:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.2.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.0:alpha1:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.0:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.5
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.5:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.2:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.2:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.1:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.4
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.4:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.1.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.0:beta1:*:*:*:drupal:*:*
This vulnerability affects 19 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
7.5
out of 10.0
High
Weakness Type (CWE)
CWE-863
Top 25 #24
Incorrect Authorization
- Description
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
- Exploit Likelihood
- High
- Typical Severity
- High
- OWASP Top 10
- A01:2021-Broken Access Control
- Abstraction Level
- Class
Key Information
- Published Date
- March 26, 2026
