Critical Drupal vulnerability with an active exploit

All owners and admin of Drupal 8 sites: please read: 

According to, there are over 85000 active Drupal sites. Perhaps not all of them are version 8, but could be a significant number. And we can only assume many would have enabled API access or installed modules that make them vulnerable to the latest vulnerability ‘Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003’, as explained on the Drupal Security Advisory:

The vulnerability has been fixed in Drupal 8.6.10 and 8.6.11. 

We advise all to patch as soon as possible to prevent losing your Drupal site.  


Foresight Cyber

71-75 Shelton Street 

Covent Garden



United Kingdom

+44 208 159 8942


VAT: GB144735213 

Company number: 06871193 

D-U-N-S number: 211601017

UK ICO number: 00011202777

Privacy Policy


  • LinkedIn
  • Twitter
  • YouTube
  • Vimeo

Copyright © 2009 -2020 Foresight Cyber Ltd. All rights reserved. Foresight Cyber are registered trademarks. Foresight Cyber Ltd is a company registered in England and Wales. Registered No: 06871193. Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom