Improper authorization control for web services in drupal/ajax_dashboard

Description

AJAX Dashboard: Entity Dashboards enables you to create configurable dashboards attached to entities which include AJAX-reloading of a main content area based on inputs from a configurable set of buttons.

The module doesn't sufficiently check access on the dashboard configuration route. Unauthorized users could access the entity dashboard configuration page and either enable or disable dashboards. The affected administration page does not permit editing the configurations of the dashboards themselves.

The vulnerability is mitigated by the fact that the AJAX Dashboard Entity Dashboard submodule must be enabled.
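A defender can look for this class of problem by checking which administrative routes in a module's `*.routing.yml` carry no permission, role or custom access requirement. The script below is an added example, not code from the module or from this advisory. The module name, routes and permission in the sample are hypothetical, and the parser handles only the simple nested-mapping subset of YAML that routing files use.

```python
# Requirement keys that gate a route on a permission, role or custom check.
GATING_KEYS = {"_permission", "_role", "_custom_access", "_entity_access"}
# Constructed sample; the module name, routes and permission are hypothetical.
SAMPLE = r"""
example_module.dashboard_settings:
  path: '/admin/config/example/dashboards'
  defaults:
    _form: '\Drupal\example_module\Form\DashboardSettingsForm'
  requirements:
    _access: 'TRUE'
example_module.dashboard_settings_gated:
  path: '/admin/config/example/dashboards-gated'
  requirements:
    _permission: 'administer example dashboards'
example_module.report:
  path: '/admin/reports/example'
  requirements:
    _user_is_logged_in: 'TRUE'
example_module.public_view:
  path: '/dashboard/{node}'
  requirements:
    _access: 'TRUE'
"""

def parse_routes(text):
    """Map route name -> {'path': str, 'requirements': dict} by indentation."""
    routes, route, section = {}, None, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip().strip("'\"")
        if indent == 0:      # route machine name
            route, section = routes.setdefault(key, {"path": "", "requirements": {}}), None
        elif indent == 2:    # path / defaults / requirements / options
            section = key
            if key == "path":
                route["path"] = value
        elif section == "requirements":
            route["requirements"][key] = value
    return routes

def audit(text, prefix="/admin"):
    """Return (route, requirements) for routes under prefix with no gating key."""
    return [(n, r["requirements"]) for n, r in parse_routes(text).items()
            if r["path"].startswith(prefix) and not GATING_KEYS.intersection(r["requirements"])]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Routes that require only `_user_is_logged_in` are reported as well, because any authenticated account passes that check.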

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions
FLAT-NMGZX – Vulnerability | Fluid Attacks Database