CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-15087

highcovered by 2 sourcesfirst seen 2026-07-09
An attacker can exploit multiple vulnerabilities in Drupal to perform SQL injection attacks, bypass security measures, disclose confidential information, and conduct cross-site scripting attacks.

CSIRTS triage

What
Multiple vulnerabilities allow an attacker to perform SQL injection, bypass security measures, and conduct cross-site scripting attacks.
Who is affected
Deployments of Drupal and its modules are affected.
Urgency
Remediation is urgent due to the high severity of the vulnerabilities.
Action
Update to the latest versions of affected modules.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-15087

Get an email if CVE-2026-15087 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (2)

External references

NVD record for CVE-2026-15087

CVE.org record

Embed the live status

CVE-2026-15087 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-15087 status](https://www.csirts.com/badge/CVE-2026-15087)](https://www.csirts.com/cve/CVE-2026-15087)