Drupal and TYPO3 Core Flaws Prompt CMS Security Advisories
Security advisories were issued for multiple vulnerabilities in Drupal Core and for a TYPO3 Core information disclosure flaw, highlighting fresh risk in widely deployed content management systems. The Drupal notice identifies several unresolved security issues in the core platform, while the TYPO3 advisory warns that a vulnerability could expose sensitive information to unauthorized parties.
Organizations running either CMS are likely to review affected versions, assess exposure of internet-facing instances, and prioritize vendor guidance for patching or mitigation. The disclosures underscore the operational risk of unremediated core-platform weaknesses in web publishing environments, where vulnerabilities can affect confidentiality and potentially broaden the attack surface for follow-on compromise.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes TYPO3 Core information disclosure advisory
dCERT issued Advisory 2026-1169 for a TYPO3 Core vulnerability that allows information disclosure. The reference indicates the advisory was published on April 21, 2026.
dCERT publishes Drupal Core multiple vulnerabilities advisory
dCERT issued Advisory 2026-1132 for multiple vulnerabilities affecting Drupal Core. The reference indicates the advisory was published on April 16, 2026.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Drupal Warns of Highly Critical Core Flaw Requiring Immediate Emergency Patching
Drupal has warned administrators to prepare for an emergency core security release affecting all supported branches, saying the undisclosed flaw is **highly critical**, easy to exploit, and could be weaponized within hours or days of disclosure. According to Drupal and follow-on reporting, the vulnerability requires no privileges and may let attackers expose non-public data or modify or delete site content, although it appears limited to certain uncommon configurations rather than every deployment. A related advisory from dCERT also flagged a Drupal Core vulnerability enabling an unspecified attack. Security updates are scheduled for supported branches `11.3.x`, `11.2.x`, `10.6.x`, and `10.5.x`, with best-effort fixes also planned for older `11.1.x` and `10.4.x` releases. Sites running `8.9` and `9.5` are expected to receive manual patch files only, with warnings about possible regressions and renewed pressure to upgrade to supported versions such as Drupal `10.6` or later; **Drupal 7 is not affected**. Drupal Steward customers were said to be protected against known attack vectors, but Drupal still urged all organizations to reserve maintenance time and apply the patch immediately once released.
Jun 3, 2026
Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
A series of critical vulnerabilities have been disclosed affecting a wide range of popular software platforms, including WordPress plugins, web frameworks, developer tools, and enterprise applications. Notable issues include unauthenticated remote code execution (RCE) flaws in Next.js (CVE-2025-66478), WordPress core (CVE-2025-6389), and the ACF Extended plugin (CVE-2025-13486), as well as privilege escalation and authentication bypass vulnerabilities in the WP Directory Kit plugin (CVE-2025-13390) and cPanel. Several of these vulnerabilities are reported to be under active exploitation, with proof-of-concept code available for some, increasing the urgency for immediate patching and mitigation. Other significant disclosures include a high-severity flaw in Vim for Windows (CVE-2025-66476) allowing arbitrary code execution, a critical SQL injection chain in Synology BeeStation, and a directory traversal vulnerability in cPanel that could lead to full server takeover. Additional advisories cover issues in lz4-java, Longwatch OT surveillance, Django, Elementor, Apache Struts, nopCommerce, and OpenVPN, with many rated as critical or high severity by CVSS. Organizations are strongly advised to review affected products and apply security updates promptly to mitigate the risk of exploitation.
Mar 21, 2026
Multiple MediaWiki and Extension Vulnerabilities Expose Sites to XSS Risks
dCERT issued an advisory for **multiple vulnerabilities in MediaWiki**, followed by a second advisory covering **multiple vulnerabilities in MediaWiki extensions that allow cross-site scripting (XSS)**. The notices indicate that organizations running MediaWiki-based platforms may be exposed through flaws in both the core software and its extension ecosystem. The combined advisories point to a broader security issue for MediaWiki deployments, where weaknesses in core components and add-on extensions can increase the risk of malicious script injection and related compromise of user sessions or administrative actions. Organizations using MediaWiki should review affected versions, assess installed extensions, and apply vendor fixes or mitigations as they become available.
Apr 10, 2026