
[CIAD-2026-0025] Multiple Vulnerabilities in Drupal Core
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Critical
Software Affected
Drupal 11.3.x
Drupal 11.2.x
Drupal 10.6.x
Drupal 10.5.x
Unsupported, end-of-life and other Drupal versions may also be vulnerable.
Overview
Multiple critical security vulnerabilities have been identified in Drupal Core. The Drupal Security Team has announced that security updates will be released for supported Drupal versions and has warned that exploit code may become available within hours or days following public disclosure.
Target Audience:
Drupal administrators, web hosting teams, security teams, and developers managing Drupal-based applications.
Risk Assessment:
High risk of unauthorized access and rapid exploitation of vulnerable Drupal instances.
Impact Assessment:
May lead to website compromise, malicious code execution, data exposure, and full system compromise.
Description
Drupal has issued a public security advisory regarding undisclosed highly critical vulnerabilities affecting Drupal Core. Technical details of the vulnerabilities will be disclosed upon the release of security patches.
The advisory indicates a high probability of rapid exploitation following public disclosure. Internet-facing Drupal installations are particularly at risk.
Users and administrators are advised to update Drupal Core to the latest available security patch released by the Drupal Security Team and apply all recommended security updates immediately.
Solution
Apply the appropriate fixes as mentioned in the Drupal Security Advisory:
https://www.drupal.org/psa-2026-05-18
Vendor Information
Drupal
https://www.drupal.org/psa-2026-05-18
References
The Register
https://www.theregister.com/security/2026/05/19/drupal-warns-admins-to-brace-for-highly-critical-core-patch/5242728
CVE Name
CVE identifiers were not available at the time of publication.
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


