Drupal security advisory (AV26-308)

Serial number: AV26-308
Date: April 1, 2026

On April 1, 2026, Drupal published a security advisory to address a critical vulnerability in the following product :

• SAML SSO - Service Provider – versions prior to 3.1.4

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
• Drupal Security Advisories