drupal/ai is vulnerable to Information Disclosure
50
Medium Risk
Affected versions of this package contain an information disclosure vulnerability in features that render large language model (LLM) output as HTML or Markdown in a browser preview. Certain modules, including AI Automators, AI Translate, AI API Explorer, and AI Content Suggestions, allow LLM-generated content to be rendered directly in the browser. Under certain circumstances, this rendering may expose sensitive information contained in the context of the LLM request, potentially disclosing secret communications or other confidential data. The issue is addressed by improving safeguards around how LLM-generated content is rendered and how request context data is handled.
You are affected if you are using a version that falls within the vulnerable range.
drupal/ai is vulnerable to Information Disclosure in versions 1.0.0 - 1.1.10 and 1.2.0 - 1.2.11.
Upgrade the drupal/ai library to a patched version.
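An added example, not part of the original advisory or the drupal/ai project: a check of a Composer lock file against the version ranges stated above. The function names and the sample lock content are constructed for illustration; pre-release and dev versions are flagged for manual review because the advisory's ranges do not mention them.

```python
import json
import re

# Vulnerable ranges as stated in the advisory (inclusive bounds).
VULNERABLE_RANGES = [((1, 0, 0), (1, 1, 10)), ((1, 2, 0), (1, 2, 11))]
STABLE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'vulnerable', 'not-in-range', or 'review' for one version string."""
    m = STABLE.match(version.strip())
    if not m:
        # Dev branches and pre-releases (e.g. 1.2.x-dev, 1.2.0-rc1) are not
        # covered by the stated ranges, so flag them for manual review.
        return "review"
    v = tuple(int(p) for p in m.groups())
    if any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES):
        return "vulnerable"
    return "not-in-range"


def audit_lock(lock_text, package="drupal/ai"):
    """Scan composer.lock content; return [(section, version, verdict)]."""
    lock = json.loads(lock_text)
    findings = []
    # Composer records runtime and development dependencies separately.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == package:
                ver = pkg.get("version", "")
                findings.append((section, ver, classify(ver)))
    return findings


# Constructed composer.lock excerpt for demonstration only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.3.1"},
        {"name": "drupal/ai", "version": "1.1.4"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, ver, verdict in audit_lock(SAMPLE_LOCK):
        print(f"{section}: drupal/ai {ver} -> {verdict}")
```

To audit a real project, pass the contents of its `composer.lock` file to `audit_lock`.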