Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-0748 | Access bypass in Drupal 7 i18n_node translation UI — Internationalization (i18n) - i18n_node submodule | CWE-284 | 4.3 | - | 2026-03-26 |
| CVE-2026-1556 | Information disclosure via file URI overwrite in File (Field) Paths — Drupal File (Field) Paths | CWE-200 | 6.5 | - | 2026-03-26 |
| CVE-2026-4393 | Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030 — Automated Logout | CWE-352 | 8.1 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-4933 | Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029 — Unpublished Node Permissions | CWE-863 | 7.5 | - | 2026-03-26 |
| CVE-2026-3573 | AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028 — AI (Artificial Intelligence) | CWE-863 | 9.1 | - | 2026-03-26 |
| CVE-2026-3532 | OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027 — OpenID Connect / OAuth client | CWE-178 | 8.8 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-3531 | OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026 — OpenID Connect / OAuth client | CWE-288 | 9.8 (AI) | Critical (AI) | 2026-03-26 |
| CVE-2026-3530 | OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025 — OpenID Connect / OAuth client | CWE-918 | 9.8 (AI) | Critical (AI) | 2026-03-26 |
| CVE-2026-3529 | Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024 — Google Analytics GA4 | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-26 |
| CVE-2026-3528 | Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023 — Calculation Fields | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-26 |
| CVE-2026-3527 | AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022 — AJAX Dashboard | CWE-306 | 9.1 (AI) | Critical (AI) | 2026-03-26 |
| CVE-2026-3526 | File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021 — File Access Fix (deprecated) | CWE-863 | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-3525 | File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020 — File Access Fix (deprecated) | CWE-863 | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-3218 | Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019 — Responsive Favicons | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-3217 | SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018 — SAML SSO - Service Provider | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-3216 | Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017 — Drupal Canvas | CWE-918 | 9.8 | - | 2026-03-25 |
| CVE-2026-3215 | Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016 — Islandora | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-3214 | CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015 — CAPTCHA | CWE-288 | 9.1 | - | 2026-03-25 |
| CVE-2026-3213 | Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014 — Anti-Spam by CleanTalk | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-3212 | Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013 — Tagify | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-3211 | Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012 — Theme Negotiation by Rules | CWE-352 | 8.8 | - | 2026-03-25 |
| CVE-2026-3210 | Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011 — Material Icons | CWE-863 | 7.5 | - | 2026-03-25 |
| CVE-2026-2349 | UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010 — UI Icons | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-2348 | Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009 — Quick Edit | CWE-79 | 6.1 | - | 2026-03-25 |
| CVE-2026-1917 | Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 — Login Disable | CWE-288 | 9.8 | - | 2026-03-25 |
| CVE-2026-1554 | Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007 — Central Authentication System (CAS) Server | CWE-91 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-1553 | Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006 — Drupal Canvas | CWE-863 | 7.5 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-0948 | Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005 — Microsoft Entra ID SSO Login | CWE-288 | 9.8 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-0947 | AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004 — AT Internet Piano Analytics | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-0946 | AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003 — AT Internet SmartTag | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-04 |

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.