[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP218D2TtRYdjVNluKR3-B9t32JNSmk9l-LfvBT66s2c":3},{"article":4,"iocs":37},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":29},"0efd8a27-17af-4ca7-b2a9-aea2c06a7695","Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare","drupal-to-release-urgent-core-security-updates-on-may-20-sites-told-to-prepare-762248","Drupal has issued an alert stating that it intends to release a \"core security release\" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. \"The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,\" the maintainers of the PHP-based content management system (CMS) said. \"Not all configurations are","Drupal announced an imminent core security release scheduled for May 20, 2026 (5-9 p.m. UTC) affecting all supported branches (11.3.x, 11.2.x, 10.6.x, 10.5.x). The Drupal Security Team warns that exploits could be developed within hours or days and urges administrators to prepare by updating to the latest patch before the deadline. While the specific vulnerability details remain undisclosed, the severity is implied by Drupal also releasing patches for end-of-life versions (11.1.x, 10.4.x, 8.9, 9.5) and recommending immediate updates.","Drupal to release urgent core security updates on May 20, 2026 for all supported branches.","Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare Ravie LakshmananMay 19, 2026Vulnerability \u002F Website Security Drupal has issued an alert stating that it intends to release a \"core security release\" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. \"The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,\" the maintainers of the PHP-based content management system (CMS) said. \"Not all configurations are affected. Reserve time on May 20 during the release window to determine whether your sites are affected and in need of an immediate update. Mitigation information will be included in the advisory.\" It's being advised to update to the latest supported patch for the site's version of Drupal before the deadline so that any outstanding upgrade issues can be addressed. Patches are expected to be available for the following supported branches of Drupal core - 11.3.x 11.2.x 10.6.x 10.5.x \"Sites on one of these supported versions should update to the latest patch release for the given branch now in preparation for the security window,\" Drupal said. The exact nature of the security issue being addressed is unknown at this stage, but it's expected to be severe given that Drupal is providing 11.1.x and 10.4.x releases for sites running end-of-life minor core versions. Ahead of the planned update window - Sites on Drupal 11.1 or 11.0 should update to at least Drupal 11.1.9.Sites on Drupal 10.4, 10.3, 10.2, 10.1, or 10.0 should update to at least Drupal 10.4.9. The idea is that these sites should apply the security update as soon as it is released on May 20, and then upgrade to Drupal 11.3 or 10.6 in the near future. For sites still on end-of-life major core versions, such as Drupal 8 and 9, patch files for Drupal 8.9 and 9.5 will need to be applied manually. However, Drupal has warned that there is no guarantee the fixes will work correctly, adding that they may introduce other issues or regressions. \"However, they may help mitigate the vulnerability for sites still on these old major versions until they upgrade to a supported release,\" Drupal said. \"We strongly recommend Drupal 8 or 9 sites update to at least Drupal 10.6 soon. Drupal 8 and 9 include numerous other, previously disclosed, security vulnerabilities that will not be addressed by either Drupal Steward or the best-effort patch files.\" Drupal also noted that Drupal 7 is not affected by the issue. Sites on any version of Drupal 9 are advised to update to 9.5.11, and those on any version of Drupal 8 should update to Drupal 8.9.20. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  content management system, cybersecurity, Drupal, End Of Life, PHP, Security patch, Vulnerability, Website Security ⚡ Top Stories This Week Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI\u002FCD Workflows ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories Microsoft Warns of Two Actively Exploited Defender Vulnerabilities 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective The New Phishing Click: How OAuth Consent Bypasses MFA Developer Workstations Are Now Part of the Software Supply Chain ⭐ Featured Resources Claim ANY.RUN Anniversary Offer for Faster Malware Analysis [Guide] Learn to Detect AI Typosquatting Risks in Your Domain [Guide] Get Key Identity Security Insights From 2026 Snapshot Discover How to Navigate the Era of Constant Cyber Exposure","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fdrupal-to-release-urgent-core-security.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjdm6ntsTvJJXoF1Bvx2Qm11faosxt-w7g0VzPCnsORnDN-q79t1wnbzqTFxbkRw5DF1DjhdDUgZ1H_0O4h35tZcEvlsM7dEUkbPyvaQdkEhhyGhpF90Bug4O1aai-0dXi1DdnnOpH2SmC8GoQD0TAd742-StQ4Pva_IVXNUcRpy9V96B7dwBnOc41xScyj\u002Fs1600\u002Fdrupal-update.jpg","2026-05-19T10:44:45+00:00","2026-05-19T14:00:12.12838+00:00",8,[18,21],{"name":19,"type":20},"Drupal","product",{"name":22,"type":23},"PHP","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":24,"icon":26,"name":27,"slug":28},null,"Vulnerabilities","vulnerabilities",[30,35],{"category":31},{"id":32,"icon":26,"name":33,"slug":34},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":36},{"id":24,"icon":26,"name":27,"slug":28},[]]