Drupal security advisory (AV26-225)

Serial number: AV26-225
Date: March 11, 2026

On March 11, 2026, Drupal published security advisories to address vulnerabilities in the following products:

Unpublished Node Permissions – versions prior to 1.7.0
AI (Artificial Intelligence) – versions prior to 1.1.11 and 1.2.x versions prior to 1.2.12

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029
AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
Drupal Security Advisories

Date modified:: 2026-03-11

Language selection

Search

Drupal security advisory (AV26-225)