PT-2026-22086 · Drupal+2 · Captcha+1
Adam Nagy
+16
·
Published
2026-02-25
·
Updated
2026-03-30
·
CVE-2026-3214
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal CAPTCHA versions 0.0.0 through 1.16.9
Drupal CAPTCHA versions 2.0.0 through 2.0.9
Description
A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on subsequent submissions if they first successfully solve at least one CAPTCHA manually to obtain valid tokens.
Recommendations
Update Drupal CAPTCHA to version 1.17.0 or later.
Update Drupal CAPTCHA to version 2.0.10 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Captcha
Drupal/Captcha