CVE-2026-58588
CVE-2026-58588 concerns the Drupal Canvas module. The issue is an improper validation of uploaded files: Canvas’s API checks only file extensions, not MIME types, which can allow non-image files to be uploaded and served with image/MIME types in certain server setups, enabling cross‑site scriptin...