Developers of the popular Drupal content management system are working to secure the software’s update mechanism after a researcher recently found weaknesses in it. Last week, researcher Fernando ...

Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions. "According to the regular ...

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates. Researcher Fernando ...

The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 UTC — and every administrator of a Drupal-powered website should be at their ...

Drupal announced two vulnerabilities affecting versions 9.2 and 9.3 that could allow an attacker to upload malicious files and take control of a site. The threat levels of the two vulnerabilities are ...