CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Drupal security advisory (AV26-615)

critical
Serial number: AV26-615 Date: June 18, 2026 On June 17, 2026, Drupal published security advisories to address vulnerabilities in a number of products. Included were critical updates for the following: Drupal core – multiple versions Plotly.js Graphing – versions prior to 3.0.2 Flag attendance field – versions prior to 8.x-1.2 Formatter Field – versions prior to 2.0.0 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations. Drupal Security Advisories

CSIRTS triage

What
Drupal published security advisories to address vulnerabilities in multiple products.
Who is affected
Users and administrators of affected Drupal products.
Urgency
Remediation is critical due to the severity of the vulnerabilities.
Action
Review the provided web link and apply the necessary updates or perform the suggested mitigations.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Drupal core

Get an email when a new Drupal core advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-06-18
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-615

More from Canadian Centre for Cyber Security