Intel

AIKIDO-2026-917978

drupal/canvas is vulnerable to Unrestricted File Upload

Unrestricted File UploadCVE-2026-58587 Published Jul 2, 2026

45

Medium Risk

This Affects:

PHPdrupal/canvas
0.0.1 - 1.4.1
Fixed in 1.4.2
1.5.0 - 1.5.1
Fixed in 1.5.2
1.6.0 - 1.6.0
Fixed in 1.6.1
1.7.0 - 1.7.0
Fixed in 1.7.1
Are you affected? Scan for Free

TL;DR

The Drupal Canvas AI submodule allows image file uploads via a custom API for use in the AI web chat. These uploads are insufficiently validated before being written to Drupal's temporary directory, which in some cases can lead to cross-site scripting (XSS).

Who does this affect?

You are affected if you are using a vulnerable version of the Canvas module and have the Canvas AI submodule enabled, which exposes the image upload API used in the AI web chat.

Background info

drupal/canvas is vulnerable to Unrestricted File Upload in versions 0.0.1 - 1.4.1, 1.5.0 - 1.5.1, 1.6.0 - 1.6.0 and 1.7.0 - 1.7.0.

How to fix this

Upgrade the drupal/canvas library to the patch version.