Object Injection Vulnerability in Tealium iQ Tag Management by Drupal
CVE-2026-13244

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13244?

A vulnerability exists in Tealium iQ Tag Management due to improperly controlled modification of dynamically-determined object attributes. This flaw allows an attacker to inject objects, potentially leading to further exploits. Affected versions range from 0.0.0 up to 2.4.0. Organizations using these versions should assess their exposure and apply necessary mitigations.

Affected Version(s)

Tealium iQ Tag Management 0.0.0 < 2.4.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber (mcdruid)
Benji Fisher (benjifisher)
Daniel Schiavone (schiavone)
Benji Fisher (benjifisher)
Bram Driesen (bramdriesen)
Neil Drumm (drumm)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.