DRUPAL-CONTRIB-2026-068

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-068
Aliases
  • CVE-2026-58590
Published
2026-07-01T17:22:46Z
Modified
2026-07-01T19:30:04.673842367Z
Summary
[none]
Details

This module enables you to test and run AI-driven workflows interactively through a chat interface.

The module doesn't sufficiently re-evaluate a human-in-the-loop approval gate where the workflow iterates more than once. This may result in execution of workflows that were not intended by the user.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer FlowDrop workflows" (or the equivalent "Create FlowDrop workflows" / "Edit FlowDrop workflows" permissions).

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/flowdrop

Package

Name
drupal/flowdrop
Purl
pkg:composer/drupal%2Fflowdrop

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.0
Database specific
{
    "constraint": "<1.6.0"
}

Database specific

affected_versions
"<1.6.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json"