Object Injection Vulnerability in Drupal Flag Attendance Field
CVE-2026-55809

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-55809?

The vulnerability in the Drupal Flag attendance field is a result of improperly controlled modifications of object attributes, which can lead to object injection. This security flaw could potentially allow an attacker to manipulate the functionality of the application, leading to unforeseen consequences. Web developers and administrators using affected versions must implement the recommended patches to ensure the integrity of their applications.

Affected Version(s)

Flag attendance field 0.0.0 < 1.2

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber (mcdruid)
Anas Mawlawi (anas_maw)
Benji Fisher (benjifisher)
Drew Webber (mcdruid)
Benji Fisher (benjifisher)
Drew Webber (mcdruid)
Jess (xjm)
.