Skip to main content

Flag Attendance Field

1 CVEs product

Monthly

CVE-2026-55809 PHP HIGH PATCH This Week

Object injection in the Drupal contrib module Flag attendance field (all versions up to and including 1.2) lets an authenticated user with low privileges pass attacker-controlled data into a dynamically-determined object attribute (CWE-915), enabling PHP object injection and high-impact compromise of data confidentiality and integrity. The Drupal Security Team published advisory SA-CONTRIB-2026-049 and a fixed release is available. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.17%, 7th percentile).

Code Injection Flag Attendance Field
NVD
CVSS 3.1
8.1
EPSS
0.2%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal contrib module Flag attendance field (all versions up to and including 1.2) lets an authenticated user with low privileges pass attacker-controlled data into a dynamically-determined object attribute (CWE-915), enabling PHP object injection and high-impact compromise of data confidentiality and integrity. The Drupal Security Team published advisory SA-CONTRIB-2026-049 and a fixed release is available. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.17%, 7th percentile).

Code Injection Flag Attendance Field
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy