—

DRUPAL-CONTRIB-2026-061

Details

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to direct child paragraphs of library items through API endpoints. This vulnerability is mitigated by the fact the paragraphs\_library module must be in use and general write access to paragraphs through another module must be allowed.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/paragraphs

Introduced in: 0 Fixed in: 1.21.0

Upgrade drupal/paragraphs to 1.21.0 or newer (ecosystem packagist:https://packages.drupal.org/8).

References

https://www.drupal.org/sa-contrib-2026-061 [WEB]