VYPR
Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Feb 5, 2026

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

CVE-2026-1554

Description

XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.