Skip to main content

Tealium Iq Tag Management

1 CVEs product

Monthly

CVE-2026-13244 PHP HIGH PATCH This Week

Object injection in the Drupal Tealium iQ Tag Management contributed module (versions before 2.4.0) lets authenticated attackers manipulate dynamically-determined object attributes to compromise data confidentiality and integrity. Because the CVSS vector (AV:N/AC:L/PR:L) indicates a low-privileged authenticated user over the network, any user with a foothold on the site can potentially abuse the flaw; there is no public exploit identified at time of analysis and the EPSS probability is low (0.42%). Drupal has published advisory SA-CONTRIB-2026-064 and released a fixed version.

Code Injection Tealium Iq Tag Management
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal Tealium iQ Tag Management contributed module (versions before 2.4.0) lets authenticated attackers manipulate dynamically-determined object attributes to compromise data confidentiality and integrity. Because the CVSS vector (AV:N/AC:L/PR:L) indicates a low-privileged authenticated user over the network, any user with a foothold on the site can potentially abuse the flaw; there is no public exploit identified at time of analysis and the EPSS probability is low (0.42%). Drupal has published advisory SA-CONTRIB-2026-064 and released a fixed version.

Code Injection Tealium Iq Tag Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy