PT-2026-60353 · Packagist · Drupal Core
CVE-2026-15916
·
Publicado
2026-07-15
·
Atualizado
2026-07-15
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
The Image module allows you to define and configure image fields.
The module doesn't sufficiently check access to image style derivatives when those files are served via a file stream other than
private://.This vulnerability is mitigated by the fact that Drupal must be configured to use a contributed (non-core) file scheme to serve private derived images.
Information disclosure issues like this one are not generally given security advisories (as described in PSA-2023-07-12)). This fix is provided as a hardening. Contributed modules implementing custom stream wrappers may need to add similar hardenings.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Drupal Core