CIRT.GY | Drupal Security Advisory (January 14th, 2026)

Drupal Security Advisory (January 14th, 2026)

Ref# ADV2026_16 | Date: Jan 15th 2026

Drupal published a security advisory highlighting vulnerabilities in the following products on January 13, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Group invite – versions prior to 2.3.9, version 3.0.0 to versions prior to 3.0.4, version 4.0.0 to versions prior to 4.0.4

Role Delegation – version 1.3.0 to versions prior to 1.5.0

AT Internet SmartTag – versions prior to 1.0.1

AT Internet Piano Analytics – versions prior to 1.0.1, version 2.0.0 to versions prior to 2.3.1

Microsoft Entra ID SSO Login – versions prior to 1.0.4

For more information on these updates, you can follow this URL:

Drupal Security Advisories

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Drupal Security Advisory

References

Drupal Security Advisory (January 14th, 2026). Retrieved from Drupal. https://www.drupal.org/security

Drupal Security Advisory. (January 14th, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-030