EST

PRE-CVEEXPLOITED

drupal · drupal extensions

Multiple Vulnerabilities in Various Drupal Extensions

72% confidence

Description

Multiple vulnerabilities in Drupal Core allow an attacker to execute arbitrary code, perform Cross-Site Scripting (XSS) attacks to manipulate data, or redirect users to malicious websites.

Affected Products

Vendor	Product	Versions
drupal	drupal extensions	—

Related News (2 articles)

Tier B

BSI Advisories9h ago

[NEU] [kritisch] Drupal Core: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

BSI Advisories13d ago

[NEU] [mittel] Drupal Erweiterungen: Mehrere Schwachstellen

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedJun 5, 2026

Last enriched9h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALPRE-CVE

Multiple vulnerabilities in Drupal core and contributed modules

Trending: 30

CRITICALCVE-2026-9082EXPKEV

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Trending: 14

CRITICALPRE-CVE

Critical Arbitrary PHP Code Execution in Drupal AlternativeCommerce (Basket)

Trending: 3

NONECVE-2026-6816EXP

TFA Basic Plugins - Access Bypass

Trending: 3

CRITICALCVE-2026-8495

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Trending: 3

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Jun 5, 2026

Actively Exploited

Jun 5, 2026

Exploit Available

Jun 5, 2026

Discovered by ZDM

Jun 5, 2026

Updated: description, severity, exploitAvailable, activelyExploited

Jun 18, 2026

Version History

Last enriched 9h ago

v2Tier B9h ago

Updated description with more technical detail and changed severity to CRITICAL, indicating that exploits are available and actively being used.

descriptionseverityexploitAvailableactivelyExploited

via BSI Advisories

v113d ago

Initial creation