Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.CreditsAincient Labs (aincient labs)Shibin Das (d34dman)Greg Knaddison (greggles)Neil Drumm (drumm)Juraj Nemec (poker10)Dave Long (longwave)Referenceshttps://www.drupal.org/sa-contrib-2026-067