Home

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0.

PUBLISHED Reserved 2026-06-17 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

Product status

0.0.0 (semver) before 2.0.0
affected

Credits

Drew Webber (mcdruid) finder

Kostia Bohach (_shy) remediation developer

Benji Fisher (benjifisher) coordinator

Drew Webber (mcdruid) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2026-048

cve.org (CVE-2026-12535)

nvd.nist.gov (CVE-2026-12535)

Download JSON