Drupal Remote Code Execution vulnerability
Release Date: 21 May 2026
RISK: Medium Risk
TYPE: Servers - Other Servers
A remote attacker could exploit this vulnerability to trigger remote code execution, data manipulation, elevation of privilege and sensitive information disclosure on the targeted system.
Impact
- Remote Code Execution
- Data Manipulation
- Information Disclosure
- Elevation of Privilege
System / Technologies affected
- Drupal version 8.9.0 and later, prior to 10.4.10
- Drupal version 10.5.0 and later, prior to 10.5.10
- Drupal version 10.6.0 and later, prior to 10.6.9
- Drupal version 11.0.0 and later, prior to 11.1.10
- Drupal version 11.2.0 and later, prior to 11.2.12
- Drupal version 11.3.0 and later, prior to 11.3.10
Solutions
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- For Drupal 8.9, manually apply the Drupal 8.9 patch
- For any version of Drupal 9, manually apply the Drupal 9.5 patch
- For Drupal 10.4.x or earlier, update to Drupal 10.4.10
- For Drupal 10.5.x, update to Drupal 10.5.10
- For Drupal 10.6.x, update to Drupal 10.6.9
- For Drupal 11.1.x or 11.0.x, update to Drupal 11.1.10
- For Drupal 11.2.x, update to Drupal 11.2.12
- For Drupal 11.3.x, update to Drupal 11.3.10
Note:
- Drupal 8 and Drupal 9 have both reached end-of-life. Those unsupported versions will still have other, previously disclosed security vulnerabilities.
- Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage.
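The affected ranges and the per-branch fixes above can be combined into one triage check for an inventory of sites. This is an added example, not part of the original advisory or of Drupal's own tooling; the function names, host names and sample versions are constructed, and only plain X.Y.Z release strings are accepted (pre-release strings are rejected rather than guessed at).

```python
import re

# Advisory ranges, split by the fix that applies to each branch.
# (first affected version, first unaffected version, remediation)
# Lower bound inclusive, upper bound exclusive.
AFFECTED = [
    ((8, 9, 0), (9, 0, 0), "manually apply the Drupal 8.9 patch"),
    ((9, 0, 0), (10, 0, 0), "manually apply the Drupal 9.5 patch"),
    ((10, 0, 0), (10, 4, 10), "update to Drupal 10.4.10"),
    ((10, 5, 0), (10, 5, 10), "update to Drupal 10.5.10"),
    ((10, 6, 0), (10, 6, 9), "update to Drupal 10.6.9"),
    ((11, 0, 0), (11, 1, 10), "update to Drupal 11.1.10"),
    ((11, 2, 0), (11, 2, 12), "update to Drupal 11.2.12"),
    ((11, 3, 0), (11, 3, 10), "update to Drupal 11.3.10"),
]

def is_eol(v):
    """End-of-life per the advisory note: 10.4.x and below, 11.0.x, 11.1.x."""
    return v < (10, 5, 0) or (11, 0, 0) <= v < (11, 2, 0)

def triage(version):
    """Classify one Drupal core version string against the advisory."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a plain X.Y.Z release: {version!r}")
    v = tuple(int(part) for part in m.groups())
    result = {"version": version, "affected": False, "action": None,
              "eol": is_eol(v)}
    for low, fixed, action in AFFECTED:
        if low <= v < fixed:  # tuple comparison orders 10.4.9 before 10.4.10
            result.update(affected=True, action=action)
            break
    return result

if __name__ == "__main__":
    # Constructed inventory: host name -> Drupal core version.
    inventory = {"www-a": "10.4.9", "www-b": "11.3.10",
                 "intranet": "9.5.11", "shop": "11.0.5"}
    for host, ver in inventory.items():
        r = triage(ver)
        status = r["action"] if r["affected"] else "not in an affected range"
        note = " (branch is end-of-life)" if r["eol"] else ""
        print(f"{host}: {ver}: {status}{note}")
```

A host reported as end-of-life but not in an affected range still sits on a branch without security coverage, so it belongs on the upgrade list.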