PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13244 Drupal CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then. This Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. Affected versions are from 0.0.0 to 2.4.0. Users of Drupal Tealium iQ Tag Management should verify their inventory and assess vulnerability.

Vendor
Drupal
Product
Tealium iQ Tag Management
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of Drupal Tealium iQ Tag Management versions from 0.0.0 to 2.4.0 should verify their inventory and assess vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review compensating controls for exposed systems.

Technical summary

The Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions from 0.0.0 to 2.4.0. The vulnerability has a medium priority given the potential for object injection attacks.

Defensive priority

Medium priority given the potential for object injection attacks. Users should implement compensating controls as needed and monitor for suspicious activity.

Recommended defensive actions

  • Verify inventory of Drupal Tealium iQ Tag Management versions
  • Assess vulnerability of affected versions
  • Apply vendor remediation when available
  • Monitor for suspicious activity
  • Implement compensating controls as needed

Evidence notes

Evidence is limited; primary official records indicate a vulnerability exists in Drupal Tealium iQ Tag Management versions from 0.0.0 to 2.4.0. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then. Users should verify their inventory and assess vulnerability. Defensive verification tasks are needed due to limited source detail.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then.