drupal
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting drupal.
- CVE-2026-5343SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-0317.4
- CVE-2026-4093Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)5.4
- CVE-2026-4929Simple Hierarchical Select (Drupal 7) XSS in term-derived output5.4
- CVE-2026-0748Access bypass in Drupal 7 i18n_node translation UI4.3
- CVE-2026-1556Information disclosure via file URI overwrite in File (Field) Paths6.5
- CVE-2026-4393Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-0304.3
- CVE-2026-4933Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-0297.5
- CVE-2026-3573AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-0287.5
- CVE-2026-3532OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-0274.2
- CVE-2026-3531OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-0266.5
- CVE-2026-3530OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-0254.3
- CVE-2026-3529Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-0246.1
- CVE-2026-3528Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-0236.1
- CVE-2026-3527AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-0226.5
- CVE-2026-3526File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-0215.3