PatchSiren cyber security CVE debrief
CVE-2026-13244 Drupal CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then. This Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. Affected versions are from 0.0.0 to 2.4.0. Users of Drupal Tealium iQ Tag Management should verify their inventory and assess vulnerability.
- Vendor
- Drupal
- Product
- Tealium iQ Tag Management
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Drupal Tealium iQ Tag Management versions from 0.0.0 to 2.4.0 should verify their inventory and assess vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review compensating controls for exposed systems.
Technical summary
The Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions from 0.0.0 to 2.4.0. The vulnerability has a medium priority given the potential for object injection attacks.
Defensive priority
Medium priority given the potential for object injection attacks. Users should implement compensating controls as needed and monitor for suspicious activity.
Recommended defensive actions
- Verify inventory of Drupal Tealium iQ Tag Management versions
- Assess vulnerability of affected versions
- Apply vendor remediation when available
- Monitor for suspicious activity
- Implement compensating controls as needed
Evidence notes
Evidence is limited; primary official records indicate a vulnerability exists in Drupal Tealium iQ Tag Management versions from 0.0.0 to 2.4.0. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then. Users should verify their inventory and assess vulnerability. Defensive verification tasks are needed due to limited source detail.
Official resources
-
CVE-2026-13244 CVE record
CVE.org
-
CVE-2026-13244 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:40.523Z and has not been modified since then.