drupal/core Security Advisories for 11.3.0-rc1 (4)
-
[CRITICAL] Drupal Core has a SQL Injection issue
PKSA-h76q-q9b2-4kdc CVE-2026-9082 GHSA-ghwc-95x2-682j
Affected version: >=11.3.0,<11.3.10|>=11.2.0,<11.2.12|>=11.0.0,<11.1.10|>=10.6.0,<10.6.9|>=10.5.0,<10.5.10|>=8.9.0,<10.4.10
Reported by:
GitHub -
[MEDIUM] Drupal core is Vulnerable to Cross-Site Scripting
PKSA-7kyj-yy4m-jzhv CVE-2026-6365 GHSA-f3cj-mjqm-fhvj
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-j351-xv4b-pryh CVE-2026-6366 GHSA-xmjc-63pr-2mpg
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Cross-Site Scripting (XSS)
PKSA-787q-p7fn-mcw7 CVE-2026-6367 GHSA-pw6f-3999-xp7g
Affected version: >=11.3.0,<11.3.7
Reported by:
GitHub