CVE-2024-55634

HIGH

Published Dec 10, 2024 Modified Jun 2, 2025 CWE-178 CWE-289

Description

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVSS v3.1 Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-178 CWE-178

CWE-289 CWE-289

Affected Products

Vendor	Product	Versions
drupal	drupal	8.0.0 — 10.2.11
drupal	drupal	10.3.0 — 10.3.9
drupal	drupal	11.0.0 — 11.0.8

References

Advisories & Patches

https://www.drupal.org/sa-core-2024-004

Frequently Asked Questions

What is CVE-2024-55634? +

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. It has a CVSS v3.1 base score of 8.1 (HIGH).

How severe is CVE-2024-55634? +

CVE-2024-55634 has a CVSS v3.1 score of 8.1 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-55634? +

CVE-2024-55634 affects products from drupal, specifically: drupal. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-55634? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42273

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host …

CVE-2025-67718

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain …

CVE-2026-42272

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded …

CVE-2026-40453 9.9

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside …

CVE-2024-5699 9.8

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by …

CVE-2026-47323 9.8

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy …

Quick Facts

CVSS Score: 8.1
Severity: HIGH
Published: Dec 10, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-55634.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →