CVE-2026-0749

🗓️ 28 Jan 2026 18:56:05Reported by drupalType

CVE-2026-0749 XSS in Drupal Form Builder module; affects Drupal 7.x-1.0 through 7.x-1.22.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-0749	28 Jan 202618:56	–	attackerkb
CNNVD	Drupal Form Builder security vulnerabilities	28 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module	28 Jan 202618:56	–	cvelist
EUVD	EUVD-2026-4876	28 Jan 202618:56	–	euvd
NVD	CVE-2026-0749	28 Jan 202619:16	–	nvd
OSV	CVE-2026-0749	28 Jan 202619:16	–	osv
Positive Technologies	PT-2026-5189	28 Jan 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module	28 Jan 202618:56	–	vulnrichment

NVD

Node

silence form_builderRange7.x-1.0–7.x-1.22drupal

[
  {
    "collectionURL": "https://www.drupal.org/project/form_builder",
    "defaultStatus": "unaffected",
    "packageName": "Form Builder",
    "product": "Drupal",
    "repo": "https://git.drupalcode.org/project/form_builder",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThanOrEqual": "7.x-1.22",
        "status": "affected",
        "version": "7.x-1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
d7es	www.d7es.tag1.com/security-advisories/form-builder-less-critical-cross-site-scripting
herodevs	www.herodevs.com/vulnerability-directory/cve-2026-0749

09 Mar 2026 14:39Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.1

CVSS 44.8

EPSS0.00016

SSVC

CWE-79