PatchSiren cyber security CVE debrief
CVE-2026-55808 Drupal CVE debrief
The CVE-2026-55808 vulnerability is a Cross-Site Scripting (XSS) issue in Drupal core, allowing for XSS attacks. Affected versions include from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, and from 0.0.0 to 11.1.*. The CVE record was published on 2026-07-10T22:16:43.667Z and has not been modified since then. This issue has a high impact on users of affected Drupal core versions due to the potential for Cross-Site Scripting (XSS) attacks.
- Vendor
- Drupal
- Product
- Drupal core
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Drupal core versions from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.* should be aware of this Cross-Site Scripting (XSS) vulnerability and take necessary actions to mitigate it.
Technical summary
The CVE-2026-55808 vulnerability is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue in Drupal core. This vulnerability allows for Cross-Site Scripting (XSS) attacks. Affected versions include from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, and from 0.0.0 to 11.1.*. Users of Drupal core should verify their versions and apply patches or updates to mitigate this vulnerability.
Defensive priority
High priority for users of affected Drupal core versions due to the potential for Cross-Site Scripting (XSS) attacks.
Recommended defensive actions
- Inventory and verify versions of Drupal core in use
- Apply patches or updates to affected versions
- Implement compensating controls such as Web Application Firewalls (WAFs)
- Monitor for suspicious activity
- Exception tracking and retest
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
Evidence is limited; primary official records indicate a Cross-Site Scripting (XSS) vulnerability in Drupal core versions. Verification and remediation efforts are recommended. The CVE record was published on 2026-07-10T22:16:43.667Z and has not been modified since then. Affected versions include from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, and from 0.0.0 to 11.1.*. Users should verify their deployments and apply patches or updates accordingly.
Official resources
-
CVE-2026-55808 CVE record
CVE.org
-
CVE-2026-55808 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:43.667Z and has not been modified since then.