Serial number: AV26-030
Date: January 14, 2026
On January 14, 2026, Drupal published security advisories to address vulnerabilities in the following products:
- Group invite – versions prior to 2.3.9, version 3.0.0 to versions prior to 3.0.4, version 4.0.0 to versions prior to 4.0.4
- Role Delegation – version 1.3.0 to versions prior to 1.5.0
- AT Internet SmartTag – versions prior to 1.0.1
- AT Internet Piano Analytics – versions prior to 1.0.1, version 2.0.0 to versions prior to 2.3.1
- Microsoft Entra ID SSO Login – versions prior to 1.0.4
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations.