๐Ÿ” CVE Alert

CVE-2026-3214

MEDIUM 6.5

CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
6th

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

CWE CWE-288
Vendor drupal
Product captcha
Ecosystems
Industries
WebMedia
Published Mar 25, 2026
Last Updated Mar 26, 2026
Stay Ahead of the Next One

Get instant alerts for drupal captcha

Be the first to know when new medium vulnerabilities affecting drupal captcha are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / CAPTCHA
0.0.0 < 1.17.0 2.0.0 < 2.0.10

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-015

Credits

Andrew Wang (andrew.wang) Andrew Belcher (andrewbelcher) Chris Dudley (dudleyc) M Parker (mparker17) tamasd Tim Wood (timwood) Denis K**** (dench0) Joshua Sedler (grevil) Jakob P (japerry) Adam Nagy (joevagyok) cilefen (cilefen) Damien McKenna (damienmckenna) Greg Knaddison (greggles) Lee Rowlands (larowlan) Michael Hess (mlhess) Juraj Nemec (poker10) Jess (xjm)