Skip to main content

Ajax Dashboard

1 CVEs product

Monthly

CVE-2026-3527 PHP MEDIUM PATCH This Month

Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.

Authentication Bypass Ajax Dashboard
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.

Authentication Bypass Ajax Dashboard
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy