๐Ÿ” CVE Alert

CVE-2026-58589

MEDIUM 5.4

FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067

CVSS Score
5.4
EPSS Score
0.2%
EPSS Percentile
8th

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.

CWE CWE-862
Vendor drupal
Product flowdrop
Ecosystems
Industries
WebMedia
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for drupal flowdrop

Be the first to know when new medium vulnerabilities affecting drupal flowdrop are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / FlowDrop
0.0.0 < 1.6.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-067

Credits

Aincient Labs (aincient labs) Shibin Das (d34dman) Greg Knaddison (greggles) Neil Drumm (drumm) Juraj Nemec (poker10) Dave Long (longwave)