Cross-Site Scripting Vulnerability in Drupal Colorbox Plugin
CVE-2026-58591

Currently unrated

Key Information:

Vendor

Drupal

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-58591?

The Drupal Colorbox plugin is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This flaw permits malicious users to inject arbitrary web scripts into a vulnerable application, potentially compromising user data and site integrity. Users of Colorbox versions ranging from 0.0.0 to 2.1.5 and 0.0.0 to 2.2.0 should take immediate action to mitigate this security risk.

Affected Version(s)

Colorbox 0.0.0 < 2.1.5

Colorbox 0.0.0 < 2.2.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
Paul McKibben (paulmckibben)
Pierre Rudloff (prudloff)
.