Drupal security advisory (AV26-676)
Serial number: AV26-676 Date: July 8, 2026 On July 8, 2026, Drupal published security updates for multiple products. Included was a critical update for the following: Location Selector – versions prior to 1.3.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations. Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072 Drupal Security Advisories
CSIRTS triage
- What
- A critical SQL Injection vulnerability has been identified in the Location Selector module.
- Who is affected
- Users of the Location Selector module prior to version 1.3.0 are affected.
- Urgency
- This is a critical vulnerability, and remediation is urgent due to the potential for exploitation.
- Action
- Users should update to Location Selector version 1.3.0 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Location Selector
Get an email when a new Location Selector advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-676
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09