Drupal security advisory (AV26-492)

Serial number: AV26-492
Date: May 20, 2026

On May 20, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:

• Drupal Core – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
• Drupal Security Advisories