Drupal critical update to fix bug with high exploitation risk
Key Points:
- Drupal is set to release a critical core security update on May 20 between 17:00 and 21:00 UTC and urges administrators to set aside time for immediate patching because of the risk of rapid exploit development.
- The vulnerability affects Drupal core versions 8 and later, with security updates provided for versions 10.4.x through 11.3.x, including some no longer officially supported, reflecting the severity of the issue.
- End-of-life versions 8 and 9 will not receive official patches but will have hotfix files available for remediation; users are strongly recommended to upgrade to at least version 10.6.
- No technical details about the vulnerability have been disclosed, in order to prevent exploitation; any unofficial information should be treated with caution to avoid falling victim to fraudulent schemes.
- Drupal Steward users are already protected against known attack vectors but should still apply the forthcoming update, while all administrators are advised to monitor Drupal’s official security portal for developments.