EIP-2026-106587

PRE-CVE

Drupal < 5.22/6.16 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106587. PoCs published by David Rothstein.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Drupal, including XSS, phishing, and security bypass issues, with a specific example URI demonstrating a redirect vulnerability. It lacks functional exploit code but provides technical details about affected versions and attack vectors.

Description

Drupal < 5.22/6.16 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by David Rothstein · textwebappsphp
https://www.exploit-db.com/exploits/33706

The provided text describes multiple vulnerabilities in Drupal, including XSS, phishing, and security bypass issues, with a specific example URI demonstrating a redirect vulnerability. It lacks functional exploit code but provides technical details about affected versions and attack vectors.

Classification
Writeup 90%
Attack Type
Xss | Auth Bypass | Other
Complexity
Trivial
Reliability
Theoretical
Target: Drupal 5.x prior to 5.22, Drupal 6.x prior to 6.16
No auth needed
Prerequisites: Access to a vulnerable Drupal instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026