Cross-Site Scripting Vulnerability in Drupal Canvas
CVE-2026-58587

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-58587?

Drupal Canvas contains a Cross-Site Scripting (XSS) vulnerability that results from improper handling of user input during web page generation. This flaw potentially allows attackers to inject malicious scripts into web pages viewed by users, leading to unauthorized actions or data exposure. Affected versions include any from 0.0.0 up to 1.7.1, compelling users and administrators to update to secure releases promptly to mitigate risks.

Affected Version(s)

Drupal Canvas 0.0.0 < 1.4.2

Drupal Canvas 1.5.0 < 1.5.2

Drupal Canvas 1.6.0 < 1.6.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

AKHIL BABU (akhil babu)
Alex Bronstein (effulgentsia)
Christian López Espínola (penyaskito)
Juraj Nemec (poker10)
.