Serial number: AV26-198
Date: March 4, 2026
On March 4, 2026, Drupal published security advisories to address vulnerabilities in the following products:
- File Access Fix (deprecated) – versions prior to 1.2.0
- AJAX Dashboard – versions prior to 3.1.0
- Calculation Fields – versions prior to 1.0.4
- Google Analytics GA4 – versions prior to 1.1.13
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.
- File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021
- AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022
- Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
- Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
- Drupal Security Advisories