PT-2026-60391 · Packagist · Drupal Core

CVE-2026-55805

·

Published

2026-07-15

·

Updated

2026-07-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Layout Builder module doesn't sufficiently sanitize block labels in certain scenarios, which can lead to a cross-site scripting (XSS) vulnerability.
This is mitigated by the fact that both the attacker and the targeted user need to be using the Layout Builder editing interface.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-55805
DRUPAL-CORE-2026-012

Affected Products

Drupal Core