Ref# ADV2026_151 | Date: Mar 12th 2026

---

Drupal published a security advisory highlighting vulnerabilities in the following products on March 11th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Unpublished Node Permissions – versions prior to 1.7.0 

• AI (Artificial Intelligence) – versions prior to 1.1.11 and 1.2.x versions prior to 1.2.12 

 

For more information on these updates, you can follow these URLs: 

• Unpublished Node Permissions – Critical – Access bypass – SA-CONTRIB-2026-029 

• AI (Artificial Intelligence) – Moderately critical – Information Disclosure – SA-CONTRIB-2026-028 

• Drupal Security Advisories 

 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

 PDF Download: Drupal_Security_Advisory

References 

 

• Unpublished Node Permissions – Critical – Access bypass – SA-CONTRIB-2026-029.  (March 11, 2026). Retrieved from Drupal. https://www.drupal.org/sa-contrib-2026-029  

 

• AI (Artificial Intelligence) – Moderately critical – Information Disclosure – SA-CONTRIB-2026-028. (March 11, 2026). Retrieved from Drupal. https://www.drupal.org/sa-contrib-2026-028  

 

• Drupal Security Advisories. (n.b.). Retrieved from Drupal. https://Drupal-library.org/news/vulnerabilities/index.html 

 

• Drupal security advisory. (March 11, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-225