Serial number: AV26-065
Date: January 28, 2026
On January 28, 2026, Drupal published security advisories to address vulnerabilities in the following products :
- Drupal Canvas – versions prior to 1.0.4
- Central Authentication System (CAS) Server – versions prior to 2.0.3, version 2.1.0 to versions prior to 2.1.2
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.