Threat Feed

Vendor

Drupal

4 briefs
high threat

Drupal Security Advisory AV26-615: Multiple Critical Vulnerabilities

On June 17, 2026, Drupal released critical security advisories (AV26-615) addressing multiple vulnerabilities in Drupal core and several modules including Plotly.js Graphing, Flag attendance field, and Formatter Field, which, if unpatched, could allow remote attackers to compromise affected web servers and sensitive data.

exploited Drupal core +3 web-application drupal vulnerability cccs-advisory
critical threat

Drupal Core PostgreSQL SQL Injection Vulnerability (CVE-2026-9082) Exploit Available

A public exploit is available for CVE-2026-9082, a SQL injection vulnerability in Drupal Core affecting PostgreSQL-backed sites running versions 8.0 through 11.3.9, allowing unauthenticated users to potentially achieve data exfiltration, privilege escalation, and remote code execution.

Drupal Core cve sql injection drupal web application
critical advisory

Drupal Date iCal Module Vulnerability Allows Information Disclosure

A critical information disclosure vulnerability exists in the Drupal Date iCal module versions prior to 4.0.15, potentially allowing unauthorized access to sensitive information.

Date iCal < 4.0.15 drupal information-disclosure vulnerability
high advisory

webonyx/graphql-php Unbounded Recursion Vulnerability

The webonyx/graphql-php library has an unbounded recursion vulnerability in its parser that can lead to a stack overflow, causing a denial of service by terminating the PHP process with a SIGSEGV.

graphql-php +4 graphql denial-of-service recursion php