Original release date: November 19, 2020
Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Advisory SA-CORE-2020-012, apply the necessary updates, and follow the additional recommendation.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
Update (07/24/2025): CISA continues to update reporting on this ongoing activity, as threat actor tactics,…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide…
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide…
This website uses cookies.