CVE-2026-55806

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.

Credits

Melih Acikoz
Michael Winser (michaelwinser)
Willem Drupal enthousiast (willempje2)
Lee Rowlands (larowlan)
catch (catch)
cilefen (cilefen)
Greg Knaddison (greggles)
Lee Rowlands (larowlan)
Dave Long (longwave)
James Gilliland (neclimdul)
Juraj Nemec (poker10)
Jess (xjm)

References