Information disclosure in Drupal - CVE-2026-15916
Published: July 17, 2026
Drupal
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Image module does not sufficiently check access to image style derivatives when those files are served via a file stream other than private://. A remote attacker can gain unauthorized access to sensitive information on the system.