Serial number: AV26-175
Date: February 26, 2026
On February 25, 2026, Drupal published security advisories to address vulnerabilities in the following products:
- Material Icons – versions prior to 2.0.4
- Theme Negotiation by Rules – versions prior to 1.2.1
- Tagify – versions prior to 1.2.49
- Anti-Spam by CleanTalk – versions prior to 9.7.0
- CAPTCHA – versions prior to 1.17.0, version 2.0.0 to versions prior to 2.0.10
- Islandora – versions prior to 2.17.5
- Drupal Canvas – versions prior to 1.1.1
- SAML SSO - Service Provider – versions prior to 3.1.3
- Responsive Favicons – versions prior to 2.0.2
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates or perform the suggested mitigations.