Drupal AJAX Dashboard Missing Authentication Vulnerability Allowing Access Bypass

Vulnerability

A vulnerability in the Drupal AJAX Dashboard module, specifically in versions prior to 3.1.0, allows for access bypass due to inadequate authentication checks on the dashboard configuration route. This flaw enables unauthorized users to access the entity dashboard configuration page and manipulate dashboard visibility, although it does not permit direct editing of the dashboard configurations. The vulnerability requires the AJAX Dashboard: Entity Dashboards submodule to be enabled.

Impact

Exploitation of this vulnerability could lead to unauthorized access to dashboard configuration settings, allowing users to enable or disable entity dashboards without proper authorization.

Remediation

Users are advised to upgrade to AJAX Dashboard version 3.1.0 or later, which addresses this vulnerability.
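The following audit is an added example, not code from the AJAX Dashboard module or from this advisory. It generalizes the flaw described above to any Drupal `*.routing.yml` file by flagging routes whose `requirements` carry no effective access check. It assumes access is enforced through standard route requirements; the route names, paths and permission in the sample are hypothetical.

```python
# Requirement keys Drupal core treats as access checks on a route.
ACCESS_KEYS = {"_permission", "_role", "_entity_access",
               "_entity_create_access", "_custom_access", "_user_is_logged_in"}

# Constructed sample: route names, paths and the permission are hypothetical.
SAMPLE_ROUTING = """\
example_dash.view:
  path: '/example/dashboard/{id}'
  requirements:
    _permission: 'access example dashboard'
example_dash.entity_config:
  path: '/admin/config/example/entity-dashboards'
  requirements:
    _access: 'TRUE'
example_dash.toggle:
  path: '/admin/config/example/toggle/{id}'
  requirements:
    id: '\\d+'
"""

def parse_routes(text):
    """Minimal parser for the route/section/key layout of *.routing.yml."""
    routes, route, section = {}, None, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        if indent == 0:
            route, section = routes.setdefault(key, {}), None
        elif indent == 2:
            section = key if not value.strip() else None
        elif section == "requirements":
            route[key] = value.strip().strip("'\"")
    return routes

def audit(routes):
    """Return {route: reason} for routes with no effective access check."""
    findings = {}
    for name, req in routes.items():
        if ACCESS_KEYS & req.keys() or req.get("_access", "").upper() == "FALSE":
            continue
        open_all = req.get("_access", "").upper() == "TRUE"
        findings[name] = "_access: 'TRUE'" if open_all else "no access requirement"
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_routes(SAMPLE_ROUTING)).items():
        print(f"{name}: {reason}")
```

A flagged route is a prompt for review, not proof of a bypass: access may still be enforced in the controller or form itself.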

Added: Mar 26, 2026, 9:56 PM
Updated: Mar 26, 2026, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.