DRUPAL-CONTRIB-2026-075

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ui_patterns/DRUPAL-CONTRIB-2026-075.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-075
Aliases
  • CVE-2026-15084
Published
2026-07-08T17:17:41Z
Modified
2026-07-08T19:00:04.548811291Z
Summary
[none]
Details

This module enables you to use Single Directory Components in site building (views, field formatters, blocks, layouts) and it improves the Developer Experience (DX) with SDC.

The module doesn't sufficiently sanitize the markup passed to components under certain scenarios.

This vulnerability is mitigated by the fact that an attacker must be able to create or update content rendered by UI Patterns.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/ui_patterns

Package

Name
drupal/ui_patterns
Purl
pkg:composer/drupal/ui_patterns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.17
Database specific
{
    "constraint": ">=2.0.0 <2.0.17"
}

Database specific

affected_versions
">=2.0.0 <2.0.17"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ui_patterns/DRUPAL-CONTRIB-2026-075.json"