CVE-2026-6366 | Drupal up to 10.5.8/10.6.6/11.2.10/11.3.6 dynamically-determined object attributes (sa-core-2026-002)

A vulnerability described as problematic has been identified in Drupal up to 10.5.8/10.6.6/11.2.10/11.3.6. Impacted is an unknown function. Such manipulation leads to dynamically-determined object attributes.

This vulnerability is traded as CVE-2026-6366. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More