
[CIVN-2026-0362] Multiple Vulnerabilities in Drupal
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Drupal
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Commerce guest registration.
Clean RESTful.
Raw Formatter [Meta Tag Formatter].
AI SEO/GEO Analyzer versions prior to 1.1.3
UI Patterns (SDC in Drupal UI) versions prior to 2.0.17, starting from 2.0.0
Siteimprove Analytics versions prior to 2.0.1
Location Selector versions prior to 1.3.0
Ray Enterprise Translation versions prior to 4.0.4
Ray Enterprise Translation versions prior to 4.1.4, starting from 4.1.0
Ray Enterprise Translation versions prior to 11.0.4, starting from 11.0.0
Login Disable versions prior to 2.1.4
Overview
Multiple vulnerabilities have been reported in Drupal modules, which could allow an attacker to execute SQL injection, cross-site scripting (XSS) attacks, bypass security restrictions or otherwise compromise the targeted system.
Target Audience:
All end-user organizations and individuals using the affected Drupal modules.
Risk Assessment:
High risk of SQL injection, cross-site scripting, and potential compromise of affected Drupal websites.
Impact Assessment:
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries, perform cross-site scripting (XSS) attacks, bypass security restrictions, gain unauthorized access, and compromise the integrity of the affected system.
Description
Drupal is an open-source Content Management System (CMS) used to build, manage, and maintain websites and web applications.
Multiple vulnerabilities have been identified in several Drupal contributed modules due to improper input sanitization, SQL injection flaws, and other security weaknesses.
Successful exploitation of these vulnerabilities could allow an attacker to perform SQL injection and cross-site scripting (XSS) attacks, bypass security restrictions, or otherwise compromise the targeted system.
Solution
Apply appropriate security updates as mentioned:
https://www.drupal.org/sa-contrib-2026-070
https://www.drupal.org/sa-contrib-2026-071
https://www.drupal.org/sa-contrib-2026-072
https://www.drupal.org/sa-contrib-2026-073
https://www.drupal.org/sa-contrib-2026-075
https://www.drupal.org/sa-contrib-2026-076
https://www.drupal.org/sa-contrib-2026-077
https://www.drupal.org/sa-contrib-2026-078
https://www.drupal.org/sa-contrib-2026-079
Vendor Information
Drupal
https://new.drupal.org/home
References
Drupal
https://www.drupal.org/sa-contrib-2026-070
https://www.drupal.org/sa-contrib-2026-071
https://www.drupal.org/sa-contrib-2026-072
https://www.drupal.org/sa-contrib-2026-073
https://www.drupal.org/sa-contrib-2026-075
https://www.drupal.org/sa-contrib-2026-076
https://www.drupal.org/sa-contrib-2026-077
https://www.drupal.org/sa-contrib-2026-078
https://www.drupal.org/sa-contrib-2026-079
CVE Name
CVE-2026-15079
CVE-2026-15080
CVE-2026-15081
CVE-2026-15082
CVE-2026-15084
CVE-2026-15085
CVE-2026-15086
CVE-2026-15087
CVE-2026-15089
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpWR8AACgkQ3jCgcSdc
ys+gpg/9HxLlmyLfmE0SnJgcs5dNYV/RX9lJSCmokrQl15vQAv/9/+PgjbEWfDAq
m3UBeRLF44eiz7aiP5yDu1BxjBRrzH03d6wnBK7kwhJ+MSe6mauaBmrj6w65hXQW
xE4Y4WWwhN31LZ69EgkFAe+1UeHAZ9dsRNkPmi8zEMK+AEoPFxDbbjYz91kNJ9uF
JbOolXvfXjhlfIuhsB2InqoJwxwegKm2KTyC+ZAgFhSIBFnYqf9/kH3KXmTgYDvS
ZVEndmfUJU04FPpxOjPhpt5vDxUaU68MxSmDMGDglvtfTxvBYG/AvBphWQ9mOQqE
Uq6dNdRhDQJNIe2kzjhTaoEg508KhPf0sK3dlnHzuGWKjaHu0EVd07btNK9Az+GP
CKUnkCaII3P7sQVp0fy6yVyFqMjsD+qMxAVOO/W8M6BGh78p5Dr6jrX4QEmpangr
3ISAdfWRXLbZIz4/LdUVc/OE/2UO9gQFX37vglQjvT7bTtjg6mt90r3kiED5Gsaa
eaHr5Ivkr2KYDhvGO3dGL9yw60uQSug/rYqTMQmVpaRyX49sPhj++hUDSUNuhiTb
ZVN/GsWNgdzOxLhTnhidfBJKgcDpTIFnA5fPY8BltBmmV5yTZQ9akDTTPbvYHSbf
V8qp5MYfidLS6nxai49WN32oVjXVPRZrsvr8RH5xZ5UVyEr3Md4=
=mCfG
—–END PGP SIGNATURE—–


