
[CIVN-2026-0317] Multiple Vulnerabilities in Drupal
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Tagify module versions prior to 1.2.52
Examples for Developers versions prior to 4.0.6
Mother May I module (all versions)
Composer module for Drupal (all versions)
Brute force attack protection module (all versions)
Overview
Multiple vulnerabilities have been reported in Drupal modules, which could allow attackers to bypass security restrictions, access sensitive files, disclose sensitive information and perform cross site scripting attacks on the targeted system.
Target Audience:
All end-user organizations and individuals using Drupal modules.
Risk Assessment:
Risk of cross site scripting attacks, unauthorized access.
Impact Assessment:
Potential for data theft, unauthorized access to sensitive information and potential compromise of system.
Description
Drupal is an open-source Content Management System (CMS) which allows individuals and organizations to create, manage and maintain websites and web applications.
Multiple vulnerabilities exist in Drupal modules due to improper sanitization of user-supplied input, inadequate access controls, and unresolved security issues in unsupported projects.
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, disclose sensitive information, and perform cross site scripting attacks on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.drupal.org/sa-contrib-2026-043
https://www.drupal.org/sa-contrib-2026-044
https://www.drupal.org/sa-contrib-2026-045
https://www.drupal.org/sa-contrib-2026-046
https://www.drupal.org/sa-contrib-2026-047
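A check of a site's composer.lock against the versions listed under Software Affected, as an added example that is not part of the CERT-In advisory or of Drupal's own code. The Composer package names are assumptions, since the advisory gives module titles only, and the PLACEHOLDER_ entries stand for names to be taken from the linked advisories.

```python
import re

# Thresholds from the advisory's "Software Affected" list; None means all
# versions are affected. Package names are ASSUMED Composer names; replace
# the PLACEHOLDER_* entries with the names on the linked SA-CONTRIB pages.
AFFECTED = {
    "drupal/tagify": "1.2.52",
    "drupal/examples": "4.0.6",
    "drupal/PLACEHOLDER_mother_may_i": None,
    "drupal/PLACEHOLDER_composer_module": None,
    "drupal/PLACEHOLDER_brute_force_protection": None,
}
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")

def parse(version):
    """Return a sortable key, or None for dev branches and other odd strings."""
    m = SEMVER.match(version)
    if not m:
        return None
    # A pre-release (1.2.52-rc1) sorts before the final release (1.2.52).
    return (int(m[1]), int(m[2]), int(m[3]), 0 if m[4] else 1)

def audit(lock):
    """Check a parsed composer.lock; return (name, version, verdict) tuples."""
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, version = pkg["name"], pkg["version"]
        if name not in AFFECTED:
            continue
        fixed = AFFECTED[name]
        key = parse(version)
        if fixed is None:
            findings.append((name, version, "all versions affected"))
        elif key is None:
            findings.append((name, version, "not comparable, review manually"))
        elif key < parse(fixed):
            findings.append((name, version, f"update to {fixed} or later"))
    return findings

# Constructed sample, shaped like json.load() output for a composer.lock file.
SAMPLE_LOCK = {
    "packages": [
        {"name": "drupal/tagify", "version": "1.2.44"},
        {"name": "drupal/examples", "version": "4.0.x-dev"},
        {"name": "drupal/core", "version": "11.1.0"},
    ],
    "packages-dev": [
        {"name": "drupal/PLACEHOLDER_brute_force_protection", "version": "2.0.1"},
    ],
}
```

To run it against a real site, pass the result of `json.load()` on the project's composer.lock to `audit()`; an empty list means none of the listed packages was found at an affected version.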
Vendor Information
Drupal
https://www.drupal.org/sa-contrib-2026-043
https://www.drupal.org/sa-contrib-2026-044
https://www.drupal.org/sa-contrib-2026-045
https://www.drupal.org/sa-contrib-2026-046
https://www.drupal.org/sa-contrib-2026-047
CVE Name
CVE-2026-11908
CVE-2026-11909
CVE-2026-11913
CVE-2026-11914
CVE-2026-11915
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


