—

DRUPAL-CONTRIB-2026-059

Details

The module adds support for the mirador viewer in WissKI and enables annotations on images via the mirador viewer.

It does not sufficiently check the submitted parameters via a route and writes these to the session object without further checks, which can lead to Access Bypass.

This vulnerability is mitigated by the fact that it is specific to the wisski\_mirador submodule.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/wisski

Introduced in: 0 Fixed in: 4.2.0

Upgrade drupal/wisski to 4.2.0 or newer (ecosystem packagist:https://packages.drupal.org/8).

References

https://www.drupal.org/sa-contrib-2026-059 [WEB]