Drupal Multiple Vulnerabilities
CSIRTS triage
- What
- Multiple vulnerabilities have been identified in Drupal.
- Who is affected
- Users of Drupal.
- Urgency
- Remediation is important to maintain security.
- Action
- Monitor for updates regarding the vulnerabilities in Drupal.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Drupal
Get an email when a new Drupal advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.hkcert.org/security-bulletin/drupal-multiple-vulnerabilities_20260623
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-55803 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-55804 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-55806 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-55807 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-55808 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownCVE-2026-55808: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerabi…nvd
- unknownCVE-2026-55807: Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Requ…nvd
- unknownCVE-2026-55806: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows…nvd
- unknownCVE-2026-55804: Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability i…nvd
- unknownCVE-2026-55803: Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability i…nvd
- criticalDrupal core - Moderately critical - Improper validation - SA-CORE-2026-009drupal
- criticalDrupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008drupal
- criticalDrupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007drupal
- criticalDrupal core - Moderately critical - Gadget chain - SA-CORE-2026-006drupal
- criticalDrupal core - Critical - PHP object injection - SA-CORE-2026-005drupal
More from HKCERT Security Bulletins
- unknownJuniper Junos OS Multiple Vulnerabilities2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilities2026-07-09
- unknownPalo Alto Products Multiple Vulnerabilities2026-07-09
- unknownBeyondTrust Products Multiple Vulnerabilities2026-07-08
- unknownApple Products Multiple Vulnerabilities2026-07-06