Platform
drupal
Component
drupal
Fixed in
9.7.0
9.7.1
CVE-2026-3213 identifies a Cross-Site Scripting (XSS) vulnerability within the Drupal Anti-Spam by CleanTalk module. This flaw allows attackers to inject malicious scripts into web pages, potentially leading to data theft or session hijacking. The vulnerability impacts versions of the module prior to 9.7.0. A security update to version 9.7.0 has been released to address this issue.
Successful exploitation of CVE-2026-3213 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can manifest in several ways, including stealing session cookies to impersonate users, redirecting users to malicious websites, or defacing the website. The impact is particularly severe for sites with sensitive user data or those handling financial transactions. Given the module's purpose – spam filtering – attackers might attempt to inject scripts that bypass spam filters, further compromising the site's security. The blast radius extends to all users interacting with pages affected by the XSS vulnerability.
CVE-2026-3213 was publicly disclosed on 2026-03-25. There is currently no indication of active exploitation in the wild, nor are there publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The CVSS score of 4.7 indicates a medium level of severity, suggesting a moderate probability of exploitation if a suitable exploit is developed and deployed.
Exploit Status
EPSS
0.03% (9% percentile)
CVSS Vector
The primary mitigation for CVE-2026-3213 is to immediately upgrade the Drupal Anti-Spam by CleanTalk module to version 9.7.0 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing input validation and output encoding on user-supplied data within the module. While not a complete solution, a Web Application Firewall (WAF) configured to detect and block XSS payloads can provide an additional layer of defense. Review Drupal's security best practices for XSS prevention, including enabling HTML filtering and using a Content Security Policy (CSP). After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) into a form field and confirming that the script is not executed.
Update the Anti-Spam by CleanTalk module to version 9.7.0 or higher. This version fixes the Cross-Site Scripting (XSS) vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-3213 is a medium-severity XSS vulnerability affecting Drupal Anti-Spam by CleanTalk versions before 9.7.0, allowing attackers to inject malicious scripts.
You are affected if you are using Drupal Anti-Spam by CleanTalk version 9.7.0 or earlier. Check your module version and upgrade immediately.
Upgrade the Drupal Anti-Spam by CleanTalk module to version 9.7.0 or later. Consider implementing input validation and output encoding as an interim measure.
There is currently no evidence of active exploitation in the wild, but the vulnerability remains a risk until patched.
Refer to the Drupal security advisory page for the latest information and updates regarding CVE-2026-3213: [https://www.drupal.org/security/advisories/CVE-2026-3213]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your composer.lock file and we'll tell you instantly if you're affected.