Clear your calendar, Drupal user: You have a critically urgent patch to install

Drupal has warned of a highly critical vulnerability in Drupal core and announced an emergency security release scheduled for Wednesday, May 20 (1700–2100 UTC). The flaw is described as trivially easy to exploit with no required privileges and could expose or allow modification/deletion of non-public data; Drupal scored it very high on its severity scale. Patches will be released for current supported branches and several older/unsupported branches (including 8.9 and 9.5), and site operators are urged to patch immediately or at least verify whether their configurations are affected; Drupal Steward customers are partly protected but still advised to update.