CVE-2026-55803

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
drupalCNA
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
drupaldrupal
0.0.0 ≤
𝑥
< 10.5.12
CNA
drupaldrupal
10.6.0 ≤
𝑥
< 10.6.11
CNA
drupaldrupal
11.2.0 ≤
𝑥
< 11.2.14
CNA
drupaldrupal
11.3.0 ≤
𝑥
< 11.3.12
CNA
drupaldrupal
0.0.0 ≤
𝑥
< 11.1.0
CNA
drupaldrupal
0.0.0 ≤
𝑥
< 11.2.0
CNA