Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-mb8x-dcy7-5udu
Summary
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.

This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7.
Aliases
0
alias CVE-2026-6366
1
alias GHSA-xmjc-63pr-2mpg
Fixed_packages
0
url pkg:composer/drupal/core@10.5.9
purl pkg:composer/drupal/core@10.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.9
1
url pkg:composer/drupal/core@10.6.7
purl pkg:composer/drupal/core@10.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.6.7
2
url pkg:composer/drupal/core@11.2.11
purl pkg:composer/drupal/core@11.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.11
3
url pkg:composer/drupal/core@11.3.7
purl pkg:composer/drupal/core@11.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.3.7
Affected_packages
0
url pkg:composer/drupal/core@8.0.0
purl pkg:composer/drupal/core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12yf-8sub-uyhb
1
vulnerability VCID-1d2m-3ycf-3ycf
2
vulnerability VCID-26ck-rher-hfg4
3
vulnerability VCID-28cu-un2e-xub7
4
vulnerability VCID-293a-m7nd-vygb
5
vulnerability VCID-2wdn-8583-v3dg
6
vulnerability VCID-335n-fzp7-k7bc
7
vulnerability VCID-3avj-j2h8-qbhh
8
vulnerability VCID-3y39-quaw-ufe8
9
vulnerability VCID-4bym-pcfj-ykde
10
vulnerability VCID-4sqe-bvj6-pkdq
11
vulnerability VCID-57k5-xdsf-h3ch
12
vulnerability VCID-57nk-7ugd-vucf
13
vulnerability VCID-5ytn-jezc-bfdq
14
vulnerability VCID-6pdz-udxy-ebhy
15
vulnerability VCID-75bq-ccux-afdn
16
vulnerability VCID-7mhn-vstn-bqh5
17
vulnerability VCID-7sar-42a4-kqdy
18
vulnerability VCID-85pr-rrx5-5keu
19
vulnerability VCID-8h75-dgjd-nyc3
20
vulnerability VCID-94he-hr4a-yygs
21
vulnerability VCID-a4ps-1cdu-4ucv
22
vulnerability VCID-a7jg-mx1k-57h3
23
vulnerability VCID-aex1-r4xe-kkaj
24
vulnerability VCID-agxw-t98a-j3bm
25
vulnerability VCID-ajhs-t3zd-6qah
26
vulnerability VCID-aqce-af3u-myd2
27
vulnerability VCID-bha5-1s4u-3bg6
28
vulnerability VCID-bmw2-bvu6-rkev
29
vulnerability VCID-d6bg-1u2b-1qdt
30
vulnerability VCID-daj4-u9em-mbc3
31
vulnerability VCID-e427-q7jy-1uad
32
vulnerability VCID-e4nv-qway-2ygf
33
vulnerability VCID-e569-xntr-mkgm
34
vulnerability VCID-e5uh-sqmj-qyg7
35
vulnerability VCID-ed3c-h2ww-j3gm
36
vulnerability VCID-eje5-fhmg-hbbt
37
vulnerability VCID-fc3m-cktu-7uff
38
vulnerability VCID-fqah-snwt-qfhj
39
vulnerability VCID-ftd8-be73-5bc3
40
vulnerability VCID-fwnm-xws3-8uhz
41
vulnerability VCID-hcvb-4eys-2qg3
42
vulnerability VCID-hdq9-fe9e-93hb
43
vulnerability VCID-hmkt-cwbg-kqh4
44
vulnerability VCID-hs3h-z841-67ge
45
vulnerability VCID-jbd8-jvfd-cbbx
46
vulnerability VCID-jnfd-5ez3-b7d1
47
vulnerability VCID-k48k-jdda-zqbh
48
vulnerability VCID-kepa-chya-sfdb
49
vulnerability VCID-krdz-kyhc-efg5
50
vulnerability VCID-krjp-u36k-17fs
51
vulnerability VCID-kryq-8j5g-d7a6
52
vulnerability VCID-ku79-by46-s3h9
53
vulnerability VCID-mb8x-dcy7-5udu
54
vulnerability VCID-mjjh-e7up-6ubf
55
vulnerability VCID-mntp-ycvs-a7cd
56
vulnerability VCID-mt7b-j5j8-7qdb
57
vulnerability VCID-muhk-wbuy-97bu
58
vulnerability VCID-nhub-1map-n3by
59
vulnerability VCID-nx17-duan-vyak
60
vulnerability VCID-qec2-bj92-pue9
61
vulnerability VCID-qtax-krps-1udn
62
vulnerability VCID-qvsn-ab7h-cqc5
63
vulnerability VCID-rf34-12k7-xbh4
64
vulnerability VCID-s5ak-abr9-vbe6
65
vulnerability VCID-saqq-4efb-affy
66
vulnerability VCID-sbsk-ydyr-kfbt
67
vulnerability VCID-sdue-15dg-4ugt
68
vulnerability VCID-sgub-4xen-bbcy
69
vulnerability VCID-tdsq-5bqr-aufq
70
vulnerability VCID-tf14-rq7e-17av
71
vulnerability VCID-tk5j-xph4-q3e5
72
vulnerability VCID-ufsx-tacm-afg8
73
vulnerability VCID-uhb6-fx8q-cqe5
74
vulnerability VCID-ukak-793e-m3gx
75
vulnerability VCID-v3nf-tw9b-13c1
76
vulnerability VCID-v59c-81z7-q7aw
77
vulnerability VCID-v69x-fke2-h7a6
78
vulnerability VCID-v7ya-c9mf-e7dp
79
vulnerability VCID-vafp-yvad-t3b3
80
vulnerability VCID-vc7s-6p62-bfaw
81
vulnerability VCID-vpn8-qteh-9yhz
82
vulnerability VCID-vrva-c7km-ekda
83
vulnerability VCID-w5a9-jg34-3ubx
84
vulnerability VCID-wn4r-rc6m-xbhy
85
vulnerability VCID-xcck-137u-wyam
86
vulnerability VCID-xgtt-3z1m-b3ag
87
vulnerability VCID-xhgk-sf8f-fuav
88
vulnerability VCID-xsma-2ryf-zqd4
89
vulnerability VCID-xyu6-aqjk-r7g7
90
vulnerability VCID-yj7d-w9vg-23dn
91
vulnerability VCID-yjm8-gadp-jkhr
92
vulnerability VCID-yku8-k9fs-d7c8
93
vulnerability VCID-ypdc-yptn-7qdp
94
vulnerability VCID-zt27-b3qc-fbac
95
vulnerability VCID-zxut-nxke-7fce
96
vulnerability VCID-zymc-a812-1ua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0
1
url pkg:composer/drupal/core@10.6.0
purl pkg:composer/drupal/core@10.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mb8x-dcy7-5udu
1
vulnerability VCID-saqq-4efb-affy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.6.0
2
url pkg:composer/drupal/core@11.0.0
purl pkg:composer/drupal/core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d2m-3ycf-3ycf
1
vulnerability VCID-1w42-v1sq-fkac
2
vulnerability VCID-227y-mp79-jydd
3
vulnerability VCID-26ck-rher-hfg4
4
vulnerability VCID-4sqe-bvj6-pkdq
5
vulnerability VCID-7sar-42a4-kqdy
6
vulnerability VCID-94he-hr4a-yygs
7
vulnerability VCID-aqce-af3u-myd2
8
vulnerability VCID-e5uh-sqmj-qyg7
9
vulnerability VCID-ggb3-jgrj-hken
10
vulnerability VCID-mb8x-dcy7-5udu
11
vulnerability VCID-nx17-duan-vyak
12
vulnerability VCID-rf34-12k7-xbh4
13
vulnerability VCID-saqq-4efb-affy
14
vulnerability VCID-tdsq-5bqr-aufq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0
3
url pkg:composer/drupal/core@11.3.0
purl pkg:composer/drupal/core@11.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29f2-xku4-b7cs
1
vulnerability VCID-mb8x-dcy7-5udu
2
vulnerability VCID-saqq-4efb-affy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6366
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20455
published_at 2026-06-12T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.23964
published_at 2026-06-11T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.25265
published_at 2026-06-13T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.25251
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6366
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-6366
reference_id CVE-2026-6366
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-6366
3
reference_url https://github.com/advisories/GHSA-xmjc-63pr-2mpg
reference_id GHSA-xmjc-63pr-2mpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmjc-63pr-2mpg
4
reference_url https://www.drupal.org/sa-core-2026-002
reference_id sa-core-2026-002
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T12:57:29Z/
url https://www.drupal.org/sa-core-2026-002
Weaknesses
0
cwe_id 915
name Improperly Controlled Modification of Dynamically-Determined Object Attributes
description The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-mb8x-dcy7-5udu