Drupal core security release for 11.3.x-10.4.x
Security Patch Release
Summary
Drupal has scheduled a core security release, with updates due later today and only a brief window before the details become public. The release covers Drupal core versions 8 and later, with listed updates for 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, and 10.4.x. Drupal warned that exploits could appear within hours of disclosure, which raises the risk for sites that delay patching. Administrators on Drupal 8 or 9 are told to move to at least 10.6, while older branches may only get hotfixes or no patches.
Related Happenings
Drupal core security update for CVE-2026-9082
Security Patch Release
First: 22.05.2026 16:14
Last: 22.05.2026 16:14
Sources 1
About this happening:
**Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
Drupal core security release (May 2026)
Security Patch Release
First: 19.05.2026 13:44
Last: 19.05.2026 13:44
Sources 1
About this happening:
**Drupal Security Team** announced a **core security release** for **all supported Drupal branches** on **May 20, 2026**, signaling an **urgent update window** for sites that may...
Timeline
- 20.05.2026 15:52 · 2 articles
Drupal announces a core security release
Initial Disclosure: Drupal announced a core security release for Drupal core versions 8 and later, telling administrators to reserve time for updates on May 20 between 17:00 and 21:00 UTC and to upgrade Drupal 8 or 9 sites to at least 10.6. Drupal also said fixes will be provided for Drupal 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, and 10.4.x, while sites using Drupal Steward are already protected against known attack vectors.
Sources:
- Drupal critical update to fix bug with high exploitation risk — www.bleepingcomputer.com — 20.05.2026 15:52
- Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks — thehackernews.com — 21.05.2026 06:44