Drupal Modules: Critical Vulnerability Leading to Code Execution (CVE-2026-9726) and Information Disclosure (CVE-2026-10768)


This text was generated using artificial intelligence (AI).In late May and early June 2026, the Drupal Security Team published two security advisories for widely used contributed modules. The vulnerabilities affect the following modules: AlternativeCommerce (Basket) and LocalGov Workflows. One of the vulnerabilities, CVE-2026-9726, is classified as high severity and allows for the execution of arbitrary code. Security updates are available for both vulnerabilities, and installing them is a high priority for operators of Drupal instances.

Are my systems affected? Check now →