—

DRUPAL-CORE-2026-001

Details

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting (XSS) vulnerability.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / drupal/core

Introduced in: 8.0.0 Fixed in: 10.5.9

Fix composer require drupal/core:^10.5.9

References

https://www.drupal.org/sa-core-2026-001 [WEB]