—

DRUPAL-CONTRIB-2026-060

Details

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to unpublished library items in lists. This vulnerability is mitigated by the fact the paragraphs\_library module must be in use, and that an attacker must have access to a list of library items, such as a field with autocomplete suggestions or a view.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/paragraphs

Introduced in: 0 Fixed in: 1.21.0

Upgrade drupal/paragraphs to 1.21.0 or newer (ecosystem packagist:https://packages.drupal.org/8).

References

https://www.drupal.org/sa-contrib-2026-060 [WEB]