DRUPAL-CONTRIB-2026-028

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ai/DRUPAL-CONTRIB-2026-028.json

JSON Data

https://api.test.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-028

Published

2026-03-11T16:33:14Z

Modified

2026-03-11T19:45:15.245663Z

Summary

[none]

Details

The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser.

Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the context of the LLM request.

References

https://www.drupal.org/sa-contrib-2026-028

Credits

- Marcus Johansson (marcus_johansson)
- - https://www.drupal.org/u/marcus_johansson

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/ai

Package

Name: drupal/ai
Purl: pkg:composer/drupal/ai

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.1.11

Database specific

{
    "constraint": "<1.1.11"
}

Type

ECOSYSTEM

Events

Introduced

1.2.0

Fixed

1.2.12

Database specific

{
    "constraint": ">=1.2.0 <1.2.12"
}

Database specific

affected_versions

"<1.1.11 || >=1.2.0 <1.2.12"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ai/DRUPAL-CONTRIB-2026-028.json"