CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Drupal security advisory (AV26-676)

critical
Serial number: AV26-676 Date: July 8, 2026 On July 8, 2026, Drupal published security updates for multiple products. Included was a critical update for the following: Location Selector – versions prior to 1.3.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations. Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072 Drupal Security Advisories

CSIRTS triage

What
A critical SQL Injection vulnerability has been identified in the Location Selector module.
Who is affected
Users of the Location Selector module prior to version 1.3.0 are affected.
Urgency
This is a critical vulnerability, and remediation is urgent due to the potential for exploitation.
Action
Users should update to Location Selector version 1.3.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Location Selector

Get an email when a new Location Selector advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-07-08
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-676

More from Canadian Centre for Cyber Security