Drupal critical update to fix bug with high exploitation risk

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.

Administrators are urged to reserve time for core updates on May 20 between 17:00 and 21:00 UTC. Website administrators running versions 8 or 9 are strongly recommended to upgrade to at least version 10.6.

The Drupal content management system (CMS) is very popular among large organizations as well as in the government, education, and healthcare sectors.

According to the public service announcement, the vulnerability affects Drupal core versions 8 and later, but the advisory clarifies that not all configurations are impacted. Security updates will be available for the following versions:

Drupal 11.3.x

Drupal critical update to fix bug with high exploitation risk

Other newsrooms on this story

Related reading

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Other newsrooms on this story

Related reading

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

CMS Drupal: Hochkritisches Drupal-Core-Update für den 20. Mai angekündigt

Clear your calendar, Drupal user: You have a critically urgent patch to install

Emergency Cisco Critical 0Day Update—Attackers Downgrade Security

Critical cPanel, WHM flaw probs exploited as 0-day, pros say