CVE-2026-1554

EPSS 0.04%
Veröffentlicht 04.02.2026 20:26:38
Zuletzt bearbeitet 11.02.2026 19:18:19
Quelle mlhess@drupal.org
CVE-Watchlists
Login
Unerledigt
Login

XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jtenman ≫ Central Authentication System Server SwPlatformdrupal Version < 2.0.3

Jtenman ≫ Central Authentication System Server SwPlatformdrupal Version >= 2.1.0 < 2.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

https://www.drupal.org/sa-contrib-2026-007

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1554

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1554

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1554

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1554