Drupal security advisory (AV26-121)

Serial number: AV26-121
Date: February 11, 2026

On February 11, 2026, Drupal published security advisories to address vulnerabilities in the following products:

QuickEdit – versions prior to 1.0.5 and versions 2.0.0 to versions prior to 2.0.1
UI Icons – versions prior to 1.0.1 and version 1.1.0 to versions prior to 1.1.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
UI Icons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-010
Drupal Security Advisories

Date modified:: 2026-02-11

Language selection

Search

Drupal security advisory (AV26-121)