PatchSiren cyber security CVE debrief
CVE-2026-55810 Drupal CVE debrief
CVE-2026-55810 is an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing, which allows Object Injection. The issue affects Plotly.js Graphing versions from 0.0.0 to 3.0.2. Limited evidence is available for this CVE. To verify affected systems, check for Plotly.js Graphing versions within the vulnerable range and review Drupal's security advisories. Users should consult official vendor documentation and advisories for remediation guidance.
- Vendor
- Drupal
- Product
- Plotly.js Graphing
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Organizations using Drupal Plotly.js Graphing versions from 0.0.0 to 3.0.2 should assess their exposure and apply necessary patches or mitigations. Security teams and vulnerability managers should review the CVE details and monitor for potential exploitation attempts.
Technical summary
The vulnerability, CVE-2026-55810, is classified as CWE-915. It affects Plotly.js Graphing versions from 0.0.0 to 3.0.2. The vulnerability allows for Object Injection due to Improperly Controlled Modification of Dynamically-Determined Object Attributes. Limited source detail is available; further investigation is required to fully understand the vulnerability's impact and exploitability.
Defensive priority
Medium priority should be given to CVE-2026-55810 due to its potential for Object Injection attacks. Organizations should prioritize patching or mitigating this vulnerability, especially if using affected versions of Plotly.js Graphing in production environments.
Recommended defensive actions
- Inventory and verify Plotly.js Graphing versions within the vulnerable range (from 0.0.0 to 3.0.2) in use.
- Consult official Drupal security advisories and Plotly.js Graphing documentation for remediation guidance.
- Implement compensating controls, such as monitoring for suspicious activity related to Plotly.js Graphing.
- Consider applying patches or updates as soon as available.
Evidence notes
Evidence for CVE-2026-55810 is limited. The CVE record was published on 2026-07-10T22:16:43.867Z and has not been modified since then. The NVD entry is currently Received. One reference is provided from [email protected] regarding a Drupal security advisory.
Official resources
-
CVE-2026-55810 CVE record
CVE.org
-
CVE-2026-55810 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:43.867Z and has not been modified since then. The NVD entry is currently Received.