Home

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2.

PUBLISHED Reserved 2026-06-17 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

Product status

0.0.0 (semver) before 1.2
affected

Credits

Drew Webber (mcdruid) finder

Anas Mawlawi (anas_maw) remediation developer

Benji Fisher (benjifisher) remediation developer

Drew Webber (mcdruid) remediation developer

Benji Fisher (benjifisher) coordinator

Drew Webber (mcdruid) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2026-049

cve.org (CVE-2026-55809)

nvd.nist.gov (CVE-2026-55809)

Download JSON