
[CIVN-2026-0140] Multiple Vulnerabilities in Drupal Plugins
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Drupal core versions prior to 1.7.0
Drupal core versions from 1.1.11 to 1.2.12
Overview
Multiple vulnerabilities have been reported in Drupal plugins which allow a remote attacker to obtain sensitive information or bypass access controls on the targeted system.
Target Audience:
All end-user organizations and individuals using Drupal installations with affected contributed modules/plugins.
Risk Assessment:
Risk of access bypass, unauthorized access to sensitive information.
Impact Assessment:
Potential compromise of system and unauthorized access to sensitive information.
Description
Drupal is an open-source content management system (CMS) and web application framework.
Multiple vulnerabilities exist in Drupal plugins due to improper access control for unpublished translated nodes and improper sanitization or isolation of untrusted HTML/Markdown content. A remote attacker could exploit these vulnerabilities by sending specially crafted inputs.
Successful exploitation of these vulnerabilities could allow an attacker to bypass access controls and obtain sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.drupal.org/sa-contrib-2026-028
https://www.drupal.org/sa-contrib-2026-029
Vendor Information
Drupal
https://www.drupal.org/sa-contrib-2026-028
https://www.drupal.org/sa-contrib-2026-029
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


