Cross-site Scripting Vulnerability in Drupal Core
CVE-2026-55808

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-55808?

A Cross-site Scripting (XSS) vulnerability exists within the Drupal Core, allowing attackers to inject malicious scripts into web pages. This flaw affects various versions of the Drupal Core, potentially compromising security and allowing unauthorized actions from users. Websites running affected versions are at risk and should be promptly updated to mitigate exposure to potential attacks.

Affected Version(s)

Drupal core 0.0.0 < 10.5.12

Drupal core 10.6.0 < 10.6.11

Drupal core 11.2.0 < 11.2.14

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

cantina_security
Björn Brala (bbrala)
Kim Pepper (kim.pepper)
Lee Rowlands (larowlan)
Damien McKenna (damienmckenna)
Greg Knaddison (greggles)
Lee Rowlands (larowlan)
Dave Long (longwave)
Juraj Nemec (poker10)
Jess (xjm)
.