CVE-2026-58589

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.

Credits

Aincient Labs (aincient labs)
Shibin Das (d34dman)
Greg Knaddison (greggles)
Neil Drumm (drumm)
Juraj Nemec (poker10)
Dave Long (longwave)

References