Ref# ADV2026_206 | Date: Apr 2nd 2026

---

Drupal published a security advisory highlighting vulnerabilities in the following product on April 1st, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• SAML SSO – Service Provider – versions prior to 3.1.4

For more information on this update, you can follow these URLs:

• SAML SSO – Service Provider – Critical – Authentication bypass – SA-CONTRIB-2026-031
• Drupal Security Advisories

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.

PDF Download: Drupal Security Advisory

References

• Drupal Security advisories. (April 1st, 2026). Retrieved from Canadian Centre for Cyber Security
  https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-308
• SAML SSO – Service Provider – Critical – Authentication bypass – SA-CONTRIB-2026-031. (2026, April 1). Drupal.org. https://www.drupal.org/sa-contrib-2026-031
• Security advisories | Drupal.org. (n.d.). https://www.drupal.org/security