CVE-2026-3573 identifies an incorrect authorization vulnerability (CWE-863) within the Drupal AI (Artificial Intelligence) module, specifically affecting versions from 0.0.0 before 1.1.11 and from 1.2.0 before 1.2.12. The vulnerability allows an attacker to bypass authorization checks, enabling resource injection attacks. Resource injection in this context means that unauthorized users can inject or manipulate resources that the AI module processes or manages, potentially altering AI behavior or compromising data integrity. The root cause is improper enforcement of access control policies within the AI module, which fails to verify whether a user has the necessary permissions before allowing certain operations. This can lead to unauthorized modification or insertion of data or commands that the AI component handles. Although no public exploits have been reported, the vulnerability is significant due to the sensitive nature of AI modules that often handle critical data or decision-making processes. The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed, but the technical details suggest a serious authorization flaw. The vulnerability affects Drupal installations that have integrated the AI module, which is increasingly used to enhance content management and automation. Attackers exploiting this flaw could compromise the confidentiality and integrity of AI-driven processes, potentially leading to data corruption, unauthorized data access, or manipulation of AI outputs. The vulnerability does not require user interaction but does require the attacker to have some level of access to the Drupal environment, possibly through a web interface or API. The issue was reserved on March 4, 2026, and published on March 26, 2026, with no patches linked yet, emphasizing the need for urgent attention by Drupal administrators.

The impact of CVE-2026-3573 is significant for organizations using the Drupal AI module, especially those with public-facing websites or services relying on AI-driven content or automation. Unauthorized resource injection can lead to data integrity issues, allowing attackers to manipulate AI behavior or inject malicious data that could propagate through automated processes. This could result in corrupted outputs, unauthorized data disclosure, or even further compromise of the Drupal environment if the injected resources enable code execution or privilege escalation. The confidentiality of sensitive data processed by AI could be at risk, as well as the availability of AI services if resource injection leads to denial of service or system instability. Organizations in sectors such as government, healthcare, finance, and e-commerce that rely on Drupal for content management and AI functionalities are particularly vulnerable. The absence of known exploits suggests limited current exploitation but also means organizations should proactively patch and monitor for suspicious activity. Failure to address this vulnerability could lead to reputational damage, regulatory penalties, and operational disruptions.

To mitigate CVE-2026-3573, organizations should immediately upgrade the Drupal AI module to versions 1.1.11 or later for the 0.x branch and 1.2.12 or later for the 1.2.x branch once patches are released. Until patches are available, restrict access to the AI module's interfaces by implementing strict access control policies, limiting permissions to trusted administrators only. Conduct a thorough audit of user roles and permissions to ensure no excessive privileges are granted that could be exploited. Employ web application firewalls (WAFs) to detect and block suspicious requests targeting the AI module endpoints. Monitor logs for unusual activity related to resource injection attempts or unauthorized access patterns. Additionally, implement network segmentation to isolate critical Drupal components and AI services from general user traffic. Regularly review and update security policies around third-party modules and AI integrations. Finally, maintain an incident response plan to quickly address any signs of exploitation or compromise related to this vulnerability.