Bug 2499229 (CVE-2026-55807) - CVE-2026-55807 Drupal core: Drupal core: Server-Side Request Forgery vulnerability
Summary: CVE-2026-55807 Drupal core: Drupal core: Server-Side Request Forgery vulnerab...
Keywords:
Status: NEW
Alias: CVE-2026-55807
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2499652
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-10 22:01 UTC by OSIDB Bzimport
Modified: 2026-07-13 12:48 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-10 22:01:08 UTC
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.


Note You need to log in before you can comment on or make changes to this bug.