PT-2026-60391 · Packagist · Drupal Core
CVE-2026-55805
·
Published
2026-07-15
·
Updated
2026-07-15
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Layout Builder module doesn't sufficiently sanitize block labels in certain scenarios, which can lead to a cross-site scripting (XSS) vulnerability.
This is mitigated by the fact that both the attacker and the targeted user need to be using the Layout Builder editing interface.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Drupal Core