Quickfire Cyber Bulletin June 5, 2026
← Back

CVE-2018-7600

Drupal Core Remote Code Execution Vulnerability

High

Description

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

Scores & Signals

EPSS score 0.9449 (100.0th percentile)
CISA KEV Yes — actively exploited (added 2021-11-03) · due 2022-05-03
Affected Drupal Drupal Core

Sources

External references

Risk scores are deterministic, based on public signals only. They are informational context, not a final verdict. Always consult vendor advisories before taking action.