Home

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

PUBLISHED Reserved 2026-02-25 | Published 2026-03-25 | Updated 2026-03-26 | Assigner drupal

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

0.0.0 (semver) before 1.17.0
affected

2.0.0 (semver) before 2.0.10
affected

Credits

Andrew Wang (andrew.wang) finder

Andrew Belcher (andrewbelcher) finder

Chris Dudley (dudleyc) finder

M Parker (mparker17) finder

tamasd finder

Tim Wood (timwood) finder

Denis K**** (dench0) remediation developer

Joshua Sedler (grevil) remediation developer

Jakob P (japerry) remediation developer

Adam Nagy (joevagyok) remediation developer

cilefen (cilefen) coordinator

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Lee Rowlands (larowlan) coordinator

Michael Hess (mlhess) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2026-015

cve.org (CVE-2026-3214)

nvd.nist.gov (CVE-2026-3214)

Download JSON