DRUPAL-CONTRIB-2026-053
Details
This module enables you to use OpenAI as a provider for the AI module.
The module doesn't sufficiently sanitize user-supplied URLs, leading to a server-side request forgery (SSRF) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have access to change the host URL and a way to generate AI-generated images.
Affected packages
Packagist:https://packages.drupal.org/8 / drupal/ai_provider_openai
Introduced in: 0
Fixed in: 1.1.1
Upgrade drupal/ai_provider_openai to 1.1.1 or newer (ecosystem packagist:https://packages.drupal.org/8).
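One way to check a site against the range above, as an added example that is not part of the advisory or the module: it reads a `composer.lock` and classifies the locked `drupal/ai_provider_openai` version against the fixed release 1.1.1. The function names and the sample lock content are constructed for illustration, and pre-releases of 1.1.1 are treated as affected as a conservative assumption.

```python
import json
import re

PACKAGE = "drupal/ai_provider_openai"  # package named in the advisory
FIXED = (1, 1, 1, 4, 0)                # "Fixed in: 1.1.1", as a stable-release sort key

# Stability ranks, lowest first: dev < alpha < beta < RC < stable (4).
STABILITY = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3}

# Constructed sample lock file content, not taken from a real site.
SAMPLE_LOCK = ('{"packages": [{"name": "drupal/ai_provider_openai", '
               '"version": "1.1.0"}], "packages-dev": []}')


def parse_version(text):
    """Return a sortable key for x.y.z[-stabilityN], or None for branch versions."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-?(dev|alpha|beta|rc|a|b)\.?(\d*))?",
                     text.strip(), re.I)
    if not m:
        return None  # e.g. "1.x-dev": not a tagged release
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if m.group(4):
        return (major, minor, patch, STABILITY[m.group(4).lower()], int(m.group(5) or 0))
    return (major, minor, patch, 4, 0)


def check_lock(lock_text):
    """Classify a composer.lock document: absent, affected, fixed or unknown."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") != PACKAGE:
            continue
        key = parse_version(pkg.get("version", ""))
        if key is None:
            return "unknown"  # dev branch checkout: compare the commit by hand
        # Assumption: a pre-release of 1.1.1 sorts below 1.1.1, so it counts as affected.
        return "affected" if key < FIXED else "fixed"
    return "absent"


if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of `unknown` means the lock file pins a development branch rather than a tagged release, so the installed commit has to be compared with the 1.1.1 release manually.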