Cross-Site Scripting Vulnerability in Anti-Spam by CleanTalk for Drupal
CVE-2026-10770

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-10770?

A vulnerability in the Anti-Spam by CleanTalk plugin for Drupal enables attackers to execute script injections through improper input handling during web page generation. This reflected cross-site scripting (XSS) flaw impacts versions ranging from 0.0.0 to 9.7.1, potentially allowing unauthorized users to manipulate web content and steal sensitive information. Users are advised to upgrade to the latest version to mitigate security risks.

Affected Version(s)

Anti-Spam by CleanTalk 0.0.0 < 9.7.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ra Mänd (ram4nd)
alexandergull
anton1211
Ra Mänd (ram4nd)
Neil Drumm (drumm)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
.