Intel

AIKIDO-2026-786995

drupal/eca is vulnerable to Information Disclosure

Information DisclosureCVE-2026-15083 Published 3 days ago

34

Low Risk

This Affects:

PHPdrupal/eca
0.0.1 - 2.1.19
Fixed in 2.1.20
3.0.0 - 3.0.11
Fixed in 3.0.12
3.1.0 - 3.1.3
Fixed in 3.1.4
Are you affected? Scan for Free

TL;DR

The Events, Conditions, Actions (ECA) module's Render submodule enables you to build render arrays and render inline Twig templates as part of no-code ECA models. The module doesn't sufficiently sanitize template code when rendering, which can lead to information disclosure.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/eca is vulnerable to Information Disclosure in versions 0.0.1 - 2.1.19, 3.0.0 - 3.0.11 and 3.1.0 - 3.1.3.

How to fix this

Upgrade the drupal/eca module to the patch version.