January 18, 2022 · Applied Cybernetics Group
CVE-2020-13671 — Drupal Drupal core
Drupal core Un-restricted Upload of File
- Added to KEV
2022-01-18- Federal due date
2022-07-18- Vendor
- Drupal
- Product
- Drupal core
- EPSS
- 89.3th percentile (score 0.045, as of
2026-06-08) - NVD CVSS v3.1
- —
- Ransomware use
- Unknown
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2020-13671
CISA short description
Improper sanitization in the extension file names is present in Drupal core.
Required action
Apply updates per vendor instructions.