Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Feb 5, 2026
Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
CVE-2026-1554
Description
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.0.3, >=2.1.0 <2.1.2+ 1 more
- (no CPE)range: <2.0.3, >=2.1.0 <2.1.2
- (no CPE)range: 0.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.