September 17, 2020
Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered. CISA encourages users and administrators to review the following Drupal security updates and apply the necessary updates. Read the advisory at CISA.
June 18, 2020
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Advisories SA-CORE-2020-004 and SA-CORE-2020-005 for more information and to apply the necessary updates. Read the advisory at CISA.
May 21, 2020
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Advisories SA-CORE-2020-002 and SA-CORE-2020-003 for more information and to apply the necessary updates. Read the advisory at CISA.
March 19, 2020
Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Drupal security release and apply the necessary updates or mitigations. Read the advisory at CISA.
December 19, 2019
Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. CISA encourages users and administrators to review the following Drupal Security Advisories and apply the necessary updates. Read the advisory at CISA.
May 9, 2019
Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website. The NCCIC encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates. Read the report at NCCIC/US-CERT.
April 17, 2019
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. The NCCIC encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-005 and SA-CORE-2019-006 and apply the necessary updates. Read the advisory at NCCIC/ICS-CERT.
March 20, 2019
Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system. encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates. Read the advisory at NCCIC/US-CERT.
January 16, 2019
Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply the necessary updates. Read the full advisory at NCCIC/US-CERT.
October 18, 2018
Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. NCCIC/US-CERT.
April 25, 2018
Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. US-CERT.
April 18, 2018
Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates. NCCIC/US-CERT.
March 28, 2018
Drupal has released critical updates addressing a vulnerability in Drupal 8, 7, and 6. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. NCCIC/US-CERT.
February 21, 2018
Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5. US-CERT.
August 16, 2017
Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.3.7. US-CERT.
June 21, 2017
Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4. ICS-CERT.
April 19, 2017
Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1. US-CERT.
March 15, 2017
Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. US-CERT.
August 19, 2015
US-CERT advises that Drupal has released updates to address multiple vulnerabilities, one of which could allow an attacker with elevated permissions to inject malicious code. Available updates include: Drupal core 6.37 for 6.x users and Drupal core 7.39 for 7.x users. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. US-CERT.