Drupal releases security updates
Drupal has released security updates to address security vulnerabilities affecting Drupal versions 8.9, 9, 10.4.x, 10.5.x, 10.6.x, 11.1.x, 11.2.x, 11.3.x. An attacker could exploit these vulnerabilities to trigger elevation of privilege, remote code execution, data manipulation and sensitive information disclosure on the targeted system.
According to Drupal security advisories, users are recommended to install the latest version:
If you are using Drupal 11.3.x, update to Drupal 11.3.10;
If you are using Drupal 11.2.x, update to Drupal 11.2.12;
If you are using Drupal 11.1.x or 11.0.x, update to Drupal 11.1.10;
If you are using Drupal 10.6.x, update to Drupal 10.6.9;
If you are using Drupal 10.5.x, update to Drupal 10.5.10;
If you are using Drupal 10.4.x, update to Drupal 10.4.10;
If you are using Drupal 9, manually apply the Drupal 9.5 patch;
If you are using Drupal 8.9, manually apply the Drupal 8.9 patch.
More information on vulnerabilities and updates is available in Drupal security advisories:
21 May 2026