drupal/core Security Advisories for 11.2.0-rc1 (7)
-
[CRITICAL] Drupal Core has a SQL Injection issue
PKSA-h76q-q9b2-4kdc CVE-2026-9082 GHSA-ghwc-95x2-682j
Affected version: >=11.3.0,<11.3.10|>=11.2.0,<11.2.12|>=11.0.0,<11.1.10|>=10.6.0,<10.6.9|>=10.5.0,<10.5.10|>=8.9.0,<10.4.10
Reported by:
GitHub -
[MEDIUM] Drupal core is Vulnerable to Cross-Site Scripting
PKSA-7kyj-yy4m-jzhv CVE-2026-6365 GHSA-f3cj-mjqm-fhvj
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-j351-xv4b-pryh CVE-2026-6366 GHSA-xmjc-63pr-2mpg
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[LOW] Drupal core allows Forceful Browsing
PKSA-bn52-vyzy-rmnm CVE-2025-13080 GHSA-83v7-c2cf-p9c2
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-xj83-g6g8-41vf CVE-2025-13081 GHSA-m6vv-vcj8-w8m7
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[LOW] Drupal core allows Content Spoofing
PKSA-dh1f-zjm5-qg8y CVE-2025-13082 GHSA-h89p-5896-f4q8
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[LOW] Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels
PKSA-d8tb-wwz2-ctxk CVE-2025-13083 GHSA-mhpg-hpj5-73r2
Affected version: >=7.0,<7.103|>=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub