Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Drupal 8 and 9: Unauthorized File Uploads via Malicious ZIP Files
MINI-9hqj-7fhr-g3wv
Summary
A security issue exists in Drupal 8 and 9 that allows attackers to upload unauthorized files, potentially leading to security breaches. This issue affects Drupal websites and can be exploited by attackers who upload malicious ZIP files. To protect your site, update your Drupal version to the latest patch release.
What to do
- Update velero to version 1.18.0-r0.
- Update velero-restore-helper to version 1.18.0-r0.
- Update velero-compat to version 1.18.0-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | velero | <= 1.18.0-r0 | 1.18.0-r0 |
| – | velero-restore-helper | <= 1.18.0-r0 | 1.18.0-r0 |
| – | velero-compat | <= 1.18.0-r0 | 1.18.0-r0 |
Original title
MINI-9hqj-7fhr-g3wv
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026