drupal/core Security Advisories for 10.5.6 (3)
-
[CRITICAL] Drupal Core has a SQL Injection issue
PKSA-h76q-q9b2-4kdc CVE-2026-9082 GHSA-ghwc-95x2-682j
Affected version: >=11.3.0,<11.3.10|>=11.2.0,<11.2.12|>=11.0.0,<11.1.10|>=10.6.0,<10.6.9|>=10.5.0,<10.5.10|>=8.9.0,<10.4.10
Reported by:
GitHub -
[MEDIUM] Drupal core is Vulnerable to Cross-Site Scripting
PKSA-7kyj-yy4m-jzhv CVE-2026-6365 GHSA-f3cj-mjqm-fhvj
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-j351-xv4b-pryh CVE-2026-6366 GHSA-xmjc-63pr-2mpg
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub