CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Drupal security advisory (AV26-631)

critical
Serial number: AV26-631 Date: June 25, 2026 On June 24, 2026, Drupal published security advisories to address vulnerabilities in a number of products. Included were critical updates for the following: Geolocation Field – versions prior to 3.15.0 WissKI – versions prior to 4.2.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations. Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062 WissKI - Critical - Access bypass - SA-CONTRIB-2026-059 Drupal Security Advisories

CSIRTS triage

vendor: DrupalSQL injectionAuthentication bypassaffected: Geolocation Field – versions prior to 3.15.0; WissKI – versions prior to 4.2.0
What
Critical updates address vulnerabilities in specific components.
Who is affected
Users of the Geolocation Field and WissKI modules in Drupal.
Urgency
Remediation is urgent due to the critical nature of the vulnerabilities.
Action
Users should update to the latest versions immediately.

AI-assisted analysis generated from the source advisory — verify against the original.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-06-25
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-631

More from Canadian Centre for Cyber Security