DRUPAL-CONTRIB-2026-033

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/obfuscate/DRUPAL-CONTRIB-2026-033.json

JSON Data

https://api.test.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-033

Aliases

CVE-2026-6871

Published

2026-04-22T17:47:43Z

Modified

2026-04-22T19:08:01.494711Z

Summary

[none]

Details

This module enables you to obfuscate email addresses in content.

The module doesn't sufficiently sanitize user input via the Twig filter.

This vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using the module's Twig filter.

References

https://www.drupal.org/sa-contrib-2026-033

Credits

- Pierre Rudloff (prudloff)
- - https://www.drupal.org/u/prudloff

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/obfuscate

Package

Name: drupal/obfuscate
Purl: pkg:composer/drupal/obfuscate

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.0.2

Database specific

{
    "constraint": "<2.0.2"
}

Database specific

affected_versions

"<2.0.2"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/obfuscate/DRUPAL-CONTRIB-2026-033.json"