Drupal

Top 10K site
Recognition: Partial Safe Harbor

Known Exploited Vulnerabilities: 5 CVEs

2 linked to ransomware campaigns

  • CVE-2026-9082 | Core | May 22, 2026 | 7.7% EPSS

    Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

  • CVE-2018-7602 | Core | Apr 13, 2022 | 94.4% EPSS

    A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

  • CVE-2019-6340 | Core | Mar 25, 2022 | 94.4% EPSS

    In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

  • CVE-2020-13671 | Drupal core | Jan 18, 2022 | 4.5% EPSS

    Improper sanitization in the extension file names is present in Drupal core.

  • CVE-2018-7600 | Drupal Core | Nov 3, 2021 | 94.5% EPSS

    Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.