Drupal Aid
Share
06/10/2026
Security update for Drupal sites.
Examples for Developers (examples) needs to be updated to version 4.0.6.
The issue: Without the update, someone could potentially access parts of your site they shouldn't be able to see.
This applies to Drupal 10/11 sites.
Tagify (tagify) needs to be updated to version 1.2.52.
The issue: Without the update, someone could potentially inject malicious code that runs in visitors' browsers.
This applies to Drupal 10/11 sites.
This only affects sites using this specific module. If you're not sure whether your site uses it, we can help you check.
Drupal published a critical security update for core today. A few things make this one stand out:
1. "Core" means Drupal itself — not a module. Every Drupal site is affected.
2. Drupal backported the patch to Drupal 8 and Drupal 9, even though both have been end-of-life for years. They effectively never do this. That's how high-risk this advisory is.
3. Fixed versions are published for every branch from Drupal 8 through Drupal 11: 8.9.21, 9.5.12, 10.5.10, 10.6.9, 11.2.12, 11.3.10.
What to do:
→ If your site is on our maintenance plan, no action needed on your end. We're already scheduling the deployment with proper testing and rollback in place.
→ If you don't have ongoing maintenance, please reach out today — critical-severity patches close exploit windows that open within days of release.
Even if your site is on a Drupal version you thought was unsupported, a patch exists for it. Don't ignore this one.
04/15/2026
Drupal released a security update today.
Drupal core (core) has a CRITICAL security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 11.3.7 and 10.6.7 are affected
- Update to version 11.3.7 and 10.6.7
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
03/11/2026
Drupal released a security update today.
Unpublished Node Permissions (unpublished_node_permissions) has a security issue that could let someone access parts of your site they shouldn't be able to see.
If you have this module on your site:
- Versions below 1.7.0 are affected
- Update to version 1.7.0
- This applies to Drupal 10/11 sites
AI (Artificial Intelligence) (ai) has a security issue that could let someone see private information they shouldn't have access to.
If you have this module on your site:
- Versions below 1.2.12 are affected
- Update to version 1.2.12
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
03/04/2026
Drupal released a security update today.
OpenID Connect / OAuth client (openid_connect) has a security issue that could let someone access parts of your site they shouldn't be able to see.
If you have this module on your site:
- Versions below 1.5.0 are affected
- Update to version 1.5.0
- This applies to Drupal 10/11 sites
Google Analytics GA4 (ga4_google_analytics) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 1.1.13 are affected
- Update to version 1.1.13
- This applies to Drupal 10/11 sites
Calculation Fields (calculation_fields) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 1.0.4 are affected
- Update to version 1.0.4
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
Click here to claim your Sponsored Listing.
