View online: https://www.drupal.org/sa-contrib-2026-028

Project: AI (Artificial Intelligence) [1] Date: 2026-March-11 Security risk: *Moderately critical* 11 ∕ 25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Default [2] Vulnerability: Information Disclosure

Affected versions: <1.1.11 || >=1.2.0 <1.2.12 Description:  The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser.

Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the context of the LLM request.

Solution:  Install the latest version:

* If you use the AI module 1.1 or earlier, upgrade to AI 1.1.11 [3]. * If you use the AI module 1.2, upgrade to AI 1.2.12 [4].

Reported By:  * Marcus Johansson (marcus_johansson) [5]

Fixed By:  * Artem Dmitriiev (a.dmitriiev) [6] * Abhisek Mazumdar (abhisekmazumdar) [7] * Dave Long (longwave) [8] of the Drupal Security Team * Marcus Johansson (marcus_johansson) [9] * Valery Lourie (valthebald) [10]

Coordinated By:  * Greg Knaddison (greggles) [11] of the Drupal Security Team * Drew Webber (mcdruid) [12] of the Drupal Security Team * Jess (xjm) [13] of the Drupal Security Team

------------------------------------------------------------------------------ Contribution record [14]

[1] https://www.drupal.org/project/ai [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/ai/releases/1.1.11 [4] https://www.drupal.org/project/ai/releases/1.2.12 [5] https://www.drupal.org/u/marcus_johansson [6] https://www.drupal.org/u/admitriiev [7] https://www.drupal.org/u/abhisekmazumdar [8] https://www.drupal.org/u/longwave [9] https://www.drupal.org/u/marcus_johansson [10] https://www.drupal.org/u/valthebald [11] https://www.drupal.org/u/greggles [12] https://www.drupal.org/u/mcdruid [13] https://www.drupal.org/u/xjm [14] https://new.drupal.org/contribution-record?source_link=https%3A//www.drupal....