CVE-2026-1553

CVE-2026-1553 describes an Incorrect Authorization vulnerability in the Drupal Canvas module that enables forceful browsing of unpublished Canvas Pages. Affected versions are Drupal Canvas prior to 1.0.4. The underlying issue is insufficient access validation for unpublished Canvas Pages, allowin...

CVE-2026-3216

CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...