Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Drupal 8: Unauthenticated Remote Code Execution via Arbitrary File Upload
MINI-2869-4qvq-c2px
Summary
A vulnerability affects Drupal 8, allowing attackers to execute arbitrary code on a server without needing login credentials. This means a hacker could potentially take control of your website, leading to sensitive data theft or website damage. To protect your site, update to the latest version of Drupal 8 or apply a security patch.
What to do
- Update argocd-fips-3.3 to version 3.3.3-r0.
- Update argocd-fips-3.3-repo-server to version 3.3.3-r0.
- Update argocd-fips-3.3-compat to version 3.3.3-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | argocd-fips-3.3 | <= 3.3.3-r0 | 3.3.3-r0 |
| – | argocd-fips-3.3-repo-server | <= 3.3.3-r0 | 3.3.3-r0 |
| – | argocd-fips-3.3-compat | <= 3.3.3-r0 | 3.3.3-r0 |
Original title
MINI-2869-4qvq-c2px
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026