Drupal security advisory (AV26-359)

Serial number: AV26-359
Date: April 16, 2026

On April 15, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal core – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
• Drupal Security Advisories