Drupal security advisory (AV26-631)
Serial number: AV26-631 Date: June 25, 2026 On June 24, 2026, Drupal published security advisories to address vulnerabilities in a number of products. Included were critical updates for the following: Geolocation Field – versions prior to 3.15.0 WissKI – versions prior to 4.2.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations. Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059 Drupal Security Advisories
CSIRTS triage
- What
- Critical updates address vulnerabilities in specific components.
- Who is affected
- Users of the Geolocation Field and WissKI modules in Drupal.
- Urgency
- Remediation is urgent due to the critical nature of the vulnerabilities.
- Action
- Users should update to the latest versions immediately.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-631
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09