Date: 
2026-July-08
Vulnerability: 
Cross site scripting
Affected versions: 
>=2.0.0 <2.0.17
CVE IDs: 
CVE-2026-15084
Description: 

This module enables you to use Single Directory Components in site building (views, field formatters, blocks, layouts) and it improves the Developer Experience (DX) with SDC.

The module doesn't sufficiently sanitize the markup passed to components under certain scenarios.

This vulnerability is mitigated by the fact that an attacker must be able to create or update content rendered by UI Patterns.

Solution: 

Install the latest version:

Reported By: 
Coordinated By: