Skip to main content

Drupal Core CVE-2026-55807

| EUVDEUVD-2026-43084 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-10 drupal GHSA-qrwq-jwq3-8cc8
3.1
CVSS 3.1 · Vendor: drupal

Severity by source

Vendor (drupal) PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
3.1 LOW

Network-reachable SSRF gated on authenticated low-privilege access and specific feature conditions (AC:H); impact confined to low confidentiality via internal resource probing with no integrity or availability consequence.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (drupal).

CVSS VectorVendor: drupal

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 13, 2026 - 19:50 vuln.today
CVSS changed
Jul 13, 2026 - 19:22 NVD
3.1 (LOW)
Patch available
Jul 10, 2026 - 23:02 EUVD
CVE Published
Jul 10, 2026 - 21:46 cve.org
LOW 3.1
CVE Published
Jul 10, 2026 - 21:46 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*.

AnalysisAI

Server-Side Request Forgery in Drupal Core allows authenticated low-privilege users to coerce the application server into issuing unauthorized HTTP requests to internal or restricted network destinations. All active 10.6.x and 11.x release branches are affected, along with end-of-life 11.0.x and 11.1.x branches, covering a broad swath of production Drupal deployments. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Drupal with low-privilege account
Delivery
Locate vulnerable feature triggering server-side HTTP request
Exploit
Submit crafted input containing internal target URL
Execution
Drupal server issues unauthorized HTTP request to internal endpoint
Impact
Retrieve sensitive response data from internal resource

Vulnerability AssessmentAI

Exploitation Exploitation requires an active authenticated session with at least low-privilege Drupal role access (PR:L per CVSS vector) - unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 3.1 (Low) accurately reflects the constrained attack surface: High Attack Complexity (AC:H) implies specific preconditions beyond authentication alone, and Low Privilege Required (PR:L) rules out unauthenticated exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Drupal user with a low-privilege editorial or contributor role submits crafted input embedding an internal URL - such as http://169.254.169.254/latest/meta-data/ or http://internal-api.corp/admin - through a Drupal feature that performs server-side HTTP requests (such as feed aggregation, remote media fetching, or a similar subsystem). The Drupal server issues the request on the attacker's behalf and returns the response, exposing instance credentials or internal service data to the attacker. …
Remediation Apply the vendor-released patches per Drupal Security Advisory SA-CORE-2026-008 at https://www.drupal.org/sa-core-2026-008. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55807 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy