Object Injection Vulnerability in Drupal Core by Drupal
CVE-2026-55803
Currently unrated
What is CVE-2026-55803?
An object injection vulnerability exists in the Drupal core, allowing attackers to exploit improperly controlled modifications of dynamically-determined object attributes. This flaw could lead to potential malicious activities, impacting the integrity and security of Drupal-based websites. Affected versions include multiple releases, emphasizing the importance of keeping the system updated to mitigate such risks.
Affected Version(s)
Drupal core 0.0.0 < 10.5.12
Drupal core 10.6.0 < 10.6.11
Drupal core 11.2.0 < 11.2.14
References
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Maturi (michaelmaturi)
Björn Brala (bbrala)
Sascha Grossenbacher (berdir)
Lee Rowlands (larowlan)
Dave Long (longwave)
Drew Webber (mcdruid)
Anna Kalata (akalata)
Benji Fisher (benjifisher)
Damien McKenna (damienmckenna)
David Strauss (david strauss)
Neil Drumm (drumm)
Greg Knaddison (greggles)
Tim Hestenes Lehnen (hestenet)
Lee Rowlands (larowlan)
Dave Long (longwave)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
Ra Mänd (ram4nd)
Jess (xjm)
