URL Redirection Vulnerability in Drupal Core by Drupal
CVE-2026-55806

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-55806?

A URL Redirection vulnerability in Drupal core allows attackers to redirect users to untrusted sites, leading to potential content spoofing. This security issue impacts a range of Drupal core versions, compromising user trust and data integrity. Patch your installations promptly to mitigate risks and secure your web applications.

Affected Version(s)

Drupal core 0.0.0 < 10.5.12

Drupal core 10.6.0 < 10.6.11

Drupal core 11.2.0 < 11.2.14

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Melih Acikoz
Michael Winser (michaelwinser)
Willem Drupal enthousiast (willempje2)
Lee Rowlands (larowlan)
catch (catch)
cilefen (cilefen)
Greg Knaddison (greggles)
Lee Rowlands (larowlan)
Dave Long (longwave)
James Gilliland (neclimdul)
Juraj Nemec (poker10)
Jess (xjm)
.