CVE-2018-7600
Drupal Core Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
Drupal / Drupal Core
Vulnerability
Drupal Core Remote Code Execution Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
Yes
Summary description
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-7600
No related CVEs by CWE or product.