PT-2026-60353 · Packagist · Drupal Core

CVE-2026-15916

·

Publicado

2026-07-15

·

Atualizado

2026-07-15

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
The Image module allows you to define and configure image fields.
The module doesn't sufficiently check access to image style derivatives when those files are served via a file stream other than private://.
This vulnerability is mitigated by the fact that Drupal must be configured to use a contributed (non-core) file scheme to serve private derived images.
Information disclosure issues like this one are not generally given security advisories (as described in PSA-2023-07-12)). This fix is provided as a hardening. Contributed modules implementing custom stream wrappers may need to add similar hardenings.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

CVE-2026-15916
DRUPAL-CORE-2026-010

Produtos afetados

Drupal Core