CVE-2026-55806

CVE-2026-55806: Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007

Vendor Drupal
Product Drupal core
Weakness CWE-601 · Open redirect
Published July 10, 2026
Last update July 10, 2026

CVSS base score

What the vulnerability does

01Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.

Key dates

02Disclosure timeline

July 10, 2026 CVE published

Related vulnerabilities

04Related CVE