Drupal Advisories Flag Validation and Permission Risks in Contributed Modules
Security advisories dated 1 July 2026 by the Drupal Security Team identify five moderately critical vulnerabilities across three contributed projects: Colorbox, FlowDrop, and Drupal Canvas. The issues cover cross-site scripting, access bypass, and improper validation. They affect areas where users or workflows can submit content, upload files, or trigger session actions.
The advisories do not support a broad claim that Drupal or open source is becoming less secure. They point instead to a narrower trust-boundary pattern in contributed projects. Upload APIs, workflow endpoints, and approval gates need explicit validation and permission checks when they allow user-controlled input or automated execution.
The Colorbox advisory, SA-CONTRIB-2026-069, says the module did not sufficiently protect against malicious JavaScript injection in certain scenarios. Drupal.org lists the vulnerability as CVE-2026-58591 and says it is mitigated because an attacker must have a role that permits HTML content entry. Installations on the 2.1.x branch should upgrade to 2.1.5, while installations on 2.2.x should upgrade to 2.2.1.
Two FlowDrop advisories focus on permission enforcement in an artificial intelligence-driven chat interface for testing and running workflows. SA-CONTRIB-2026-067 says insufficient endpoint permission enforcement could allow attackers to trigger workflow execution, incur large language model costs, cause tool side effects, or send messages into another user’s session. Drupal.org says the issue is mitigated because the required View any session permission is not granted to anonymous or authenticated users by default, and 1.6.0 adds a requirement for the Execute session workflow permission when driving a session.
SA-CONTRIB-2026-068 describes a separate FlowDrop issue in which a human-in-the-loop approval gate was not sufficiently re-evaluated after a workflow iterated more than once. Drupal.org says this could result in workflows executing in ways the user did not intend. Both FlowDrop advisories affect versions before 1.6.0 and are mitigated by permissions limited to users who can administer, create, or edit FlowDrop workflows.
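The two FlowDrop advisories describe two controls in general terms: a distinct permission for driving a session (as opposed to merely viewing it), and an approval gate that must be consulted again on every iteration rather than once. The following Python block is an added illustration of both patterns and is not FlowDrop's own code; the permission strings, the `User`, `Session` and `run_workflow` names, and the sample steps are assumptions constructed for the example. It runs the same three-step workflow twice, once reusing the first approval decision (the weak behaviour the advisory describes) and once re-asking the approver on each iteration.

```python
"""Constructed example of per-session execute permission and a human-in-the-loop
approval gate that is re-evaluated on every iteration. Illustrative only, not
FlowDrop's implementation; all names here are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, List

# Assumed permission names, modelled on the advisory's wording.
PERM_VIEW_SESSION = "view any session"
PERM_EXECUTE_SESSION = "execute session workflow"


class PermissionDenied(Exception):
    """Raised when a user lacks the permission to drive a session."""


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset

    def has(self, perm: str) -> bool:
        return perm in self.permissions


@dataclass
class Session:
    owner: str
    log: List[str] = field(default_factory=list)


def can_drive_session(user: User) -> bool:
    """Viewing a session is not enough to execute its workflow."""
    return user.has(PERM_EXECUTE_SESSION)


def run_workflow(user: User, session: Session, steps: List[str],
                 approve: Callable[[int], bool],
                 recheck_each_iteration: bool) -> List[str]:
    """Execute `steps` in order behind an approval gate.

    With recheck_each_iteration=False the gate's first answer is reused for
    later iterations (the weak behaviour). With True the approver is asked
    before every step, so a withdrawn approval halts the workflow.
    Returns the list of steps that actually ran."""
    if not can_drive_session(user):
        raise PermissionDenied(f"{user.name} may not drive this session")
    gate_result = None
    executed = []
    for i, step in enumerate(steps):
        if recheck_each_iteration or gate_result is None:
            gate_result = approve(i)
        if not gate_result:
            session.log.append(f"step {i} ({step}) halted at approval gate")
            break
        session.log.append(f"step {i} ({step}) executed")
        executed.append(step)
    return executed


def approve_first_only(step_index: int) -> bool:
    """Constructed human decision: approve step 0, expect to be asked again
    before anything further runs."""
    return step_index == 0


def demo() -> dict:
    """Run the constructed workflow with the weak and the corrected gate."""
    steps = ["fetch_records", "summarise", "send_email"]
    operator = User("operator", frozenset({PERM_VIEW_SESSION, PERM_EXECUTE_SESSION}))
    weak = run_workflow(operator, Session("operator"), steps,
                        approve_first_only, recheck_each_iteration=False)
    fixed = run_workflow(operator, Session("operator"), steps,
                         approve_first_only, recheck_each_iteration=True)
    return {"weak": weak, "fixed": fixed}


if __name__ == "__main__":
    print(demo())
    viewer = User("viewer", frozenset({PERM_VIEW_SESSION}))
    print("viewer may drive session:", can_drive_session(viewer))
```

The weak run executes all three steps on the strength of a single approval; the corrected run stops after the first step because the approver declines the second. Holding the execute permission separately from the view permission is what keeps a read-only role from triggering a run at all.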
Two Drupal Canvas advisories focus on file upload validation. SA-CONTRIB-2026-065 covers the Canvas AI submodule, where image uploads through a custom API for AI web chat were insufficiently validated before being written to Drupal’s temporary directory. SA-CONTRIB-2026-066 says the module checked uploaded file extensions but not MIME types, which could allow a non-image file to be uploaded and, under certain web-server configurations, be served in a way that may lead to cross-site scripting or other unexpected behaviour.
Sites using Drupal Canvas should move to 1.4.2, 1.5.2, 1.6.1, or 1.7.1, depending on the installed branch. The Drupal Canvas and FlowDrop advisories show that AI-facing features still depend on conventional web-security controls. Those controls include validating uploads by content type, restricting endpoints by precise permission, and rechecking approval state before execution.
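The Drupal Canvas advisories turn on the difference between checking a file's extension and checking what the file actually contains. The Python block below is an added example of that distinction and is not code from Drupal or the Drupal Canvas module; the function names, the allowed-type table and the sample uploads are constructed for illustration. It places an extension-only check beside a check that also sniffs the leading bytes and requires the sniffed type to agree with the extension, so a text or HTML payload renamed to `.png` is rejected.

```python
"""Constructed example: validate an uploaded "image" by extension and by
content (magic bytes), not by extension alone. Illustrative code, not the
Drupal Canvas module's own validator."""
from typing import Optional, Tuple

# Allowed extensions and the MIME type each one claims.
ALLOWED_EXTENSIONS = {
    "png": "image/png",
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "gif": "image/gif",
}

# Leading-byte signatures for the allowed image formats.
MAGIC_SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]


def sniff_mime(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the first bytes, or None if unknown."""
    for signature, mime in MAGIC_SIGNATURES:
        if data.startswith(signature):
            return mime
    return None


def extension_of(filename: str) -> str:
    """Lower-cased extension after the last dot of the base name (empty if none)."""
    name = filename.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def validate_by_extension_only(filename: str) -> bool:
    """The weak check: trusts the name and never looks at the bytes."""
    return extension_of(filename) in ALLOWED_EXTENSIONS


def validate_image_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """The stronger check: extension allowed, bytes sniff as an image, and the
    sniffed type matches what the extension claims. Returns (ok, detail)."""
    ext = extension_of(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not allowed"
    sniffed = sniff_mime(data)
    if sniffed is None:
        return False, "content is not a recognised image format"
    if sniffed != ALLOWED_EXTENSIONS[ext]:
        return False, f"content type {sniffed} does not match extension '{ext}'"
    return True, sniffed


# Constructed sample uploads (short byte strings, not real files).
SAMPLE_UPLOADS = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    # An HTML document renamed to pass an extension-only filter.
    "notes.png": b"<html><body>hello</body></html>",
    "page.html": b"<html></html>",
}


if __name__ == "__main__":
    for name, blob in SAMPLE_UPLOADS.items():
        print(f"{name:12} extension-only={validate_by_extension_only(name)!s:5} "
              f"full={validate_image_upload(name, blob)}")
```

The extension-only check accepts `notes.png`; the content check rejects it because the bytes do not match any image signature. Sniffing is one layer: the advisory's note about web-server configuration is a reminder that how the temporary directory is served also matters, since a file that should never execute or render as HTML should not be reachable in a way that lets it.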
The FlowDrop issues also sit within a wider AI application-security concern around execution-capable workflows. The OWASP GenAI Security Project describes excessive agency as a risk in which an LLM-based system can perform damaging actions when it has too much functionality, permission, or autonomy. That context makes the FlowDrop fixes more significant than a routine access-bypass update, although the specifics of the vulnerabilities come only from the Drupal.org advisories themselves.
All five advisories list exploitability as theoretical. Drupal.org credits Pierre Rudloff, Aincient Labs, Christian López Espínola, and Akhil Babu with reporting the issues. Fixes were credited to Paul McKibben, Shibin Das, Akhil, Christian, and Alex Bronstein, with coordination by members of the Drupal Security Team.
