Drupal security advisory (AV26-615)
Serial number: AV26-615 Date: June 18, 2026 On June 17, 2026, Drupal published security advisories to address vulnerabilities in a number of products. Included were critical updates for the following: Drupal core – multiple versions Plotly.js Graphing – versions prior to 3.0.2 Flag attendance field – versions prior to 8.x-1.2 Formatter Field – versions prior to 2.0.0 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations. Drupal Security Advisories
CSIRTS triage
- What
- Drupal published security advisories to address vulnerabilities in multiple products.
- Who is affected
- Users and administrators of affected Drupal products.
- Urgency
- Remediation is critical due to the severity of the vulnerabilities.
- Action
- Review the provided web link and apply the necessary updates or perform the suggested mitigations.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Drupal core
Get an email when a new Drupal core advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-615
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09