Ref# ADV2026_117 | Date: Feb 27th 2026

---

Drupal published security advisories highlighting vulnerabilities in the following products on February 25^th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• Material Icons – versions prior to 2.0.4
• Theme Negotiation by Rules – versions prior to 1.2.1
• Tagify – versions prior to 1.2.49
• Anti-Spam by CleanTalk – versions prior to 9.7.0
• CAPTCHA – versions prior to 1.17.0, version 2.0.0 to versions prior to 2.0.10
• Islandora – versions prior to 2.17.5
• Drupal Canvas – versions prior to 1.1.1
• SAML SSO – Service Provider – versions prior to 3.1.3
• Responsive Favicons – versions prior to 2.0.2

For more information on these updates, you can follow this URL:

• Drupal Security Advisories

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Drupal Security Advisory

References

• Drupal Security Advisory. (February 26, 2026). Retrieved from Canadian Centre for Cyber Security.
  https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-175

 

• Drupal Security Advisories. (n.d.). Retrieved from Drupal.
  https://www.drupal.org/security