Multiple Vulnerabilities Discovered in Drupal on 16 April 2026

📌 Multiple vulnerabilities were discovered in Drupal on 16 April 2026, enabling attackers to execute arbitrary remote code, conduct SQL injection (SQLi), and perform remote cross-site scripting (XSS) attacks. The flaws affect the Drupal content management system but do not specify affected versions or CVE identifiers in the provided notice. The impacts include unauthorized code execution, database manipulation via SQLi, and client-side script injection through XSS. No additional technical details, such as exploitation methods or mitigation steps, are disclosed in the report. The advisory originates from the French government’s CERT (CERT-FR).