Ref# ADV2026_133 | Date: Mar 5th 2026

---

Drupal published security advisories highlighting vulnerabilities in the following products on March 04^th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• File Access Fix (deprecated) – versions prior to 1.2.0
• AJAX Dashboard – versions prior to 3.1.0
• Calculation Fields – versions prior to 1.0.4
• Google Analytics GA4 – versions prior to 1.1.13

For more information on these updates, you can follow these URLs:

• File Access Fix (deprecated) – Moderately critical – Access bypass – SA-CONTRIB-2026-021
• AJAX Dashboard – Critical – Access bypass – SA-CONTRIB-2026-022
• Calculation Fields – Moderately critical – Cross-site Scripting – SA-CONTRIB-2026-023
• Google Analytics GA4 – Moderately critical – Cross-site Scripting – SA-CONTRIB-2026-024
• Drupal Security Advisories

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Drupal Security Advisory

References

• Drupal Security Advisory. (March 04, 2026). Retrieved from Canadian Centre for Cyber Security.
  https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-198

 

• Drupal Security Advisories. (March 04, 2026). Retrieved from Drupal.
  https://www.drupal.org/security