Drupal core security release (May 2026)
Security Patch Release
Summary
Hide ▲
Show ▼
Drupal Security Team announced a core security release for all supported Drupal branches on May 20, 2026, signaling an urgent update window for sites that may be affected. The release matters because the team warned that exploits might be developed within hours or days. Administrators are told to reserve the 5-9 p.m. UTC window to assess impact and apply the update.
Related Happenings
Drupal core security update for CVE-2026-9082
Security Patch Release
First: 22.05.2026 16:14
Last: 22.05.2026 16:14
Sources 1
About this happening:
**Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
Drupal core security update for CVE-2026-9082
Security Patch ReleaseAbout this happening: **Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
Drupal core security release for 11.3.x-10.4x
Security Patch Release
First: 20.05.2026 15:52
Last: 20.05.2026 15:52
Sources 1
About this happening:
**Drupal** has scheduled a **core security release** for **Drupal core**, with updates due later today and a brief window before details are public. The release covers **Drupal co...
Drupal core security release for 11.3.x-10.4x
Security Patch ReleaseAbout this happening: **Drupal** has scheduled a **core security release** for **Drupal core**, with updates due later today and a brief window before details are public. The release covers **Drupal co...
Vidar 2.0 infostealer upgrade
Malware Activity
First: 23.10.2025 13:00
Last: 23.10.2025 13:00
Sources 1
About this happening:
The **Vidar 2.0 infostealer** has been upgraded with **multithreaded data theft**, a **Chrome AppBound bypass**, and a **polymorphic builder**, raising the risk of faster exfiltra...
Vidar 2.0 infostealer upgrade
Malware ActivityAbout this happening: The **Vidar 2.0 infostealer** has been upgraded with **multithreaded data theft**, a **Chrome AppBound bypass**, and a **polymorphic builder**, raising the risk of faster exfiltra...
Timeline
-
19.05.2026 13:44 2 articles · 8d ago
Drupal core security release (May 2026)
Initial DisclosureDrupal scheduled a **May 20, 2026** **core security release** for supported branches and told administrators to reserve the **5-9 p.m. UTC** window to check whether their sites need an immediate update.
Show sources
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare — thehackernews.com — 19.05.2026 13:44
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare — thehackernews.com — 19.05.2026 13:44