CVE-2026-1553
4.8
MEDIUM
CVSS 3.1
EPSS 0.04%
描述
This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to Canvas Pages when they are unpublished. This vulnerability is mitigated by the fact that Canvas Pages don't have content moderation enabled by default, and they must be unpublished after being released, and archiving is not a feature provided by the module yet.
如何修補 CVE-2026-1553
要修補 CVE-2026-1553,請將受影響套件升級到下列已修補版本。
- —升級至 1.0.4 或更新版本
CVE-2026-1553 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.0.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| nvd | CVSS 3.1 | MEDIUM4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |