CVE-2026-6365 | Drupal up to 10.5.8/10.6.6/11.2.10/11.3.6 cross site scripting (sa-core-2026-001)

A vulnerability, which was classified as problematic, has been found in Drupal up to 10.5.8/10.6.6/11.2.10/11.3.6. This affects an unknown function. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-6365. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More