CVE-2026-55804
Description
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Drupal | Drupal core | — | 0.0.0 < 10.5.12, 10.6.0 < 10.6.11, 11.2.0 < 11.2.14, 11.3.0 < 11.3.12 … |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-915 | cna | CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes |
References (1)