Drupal is rolling out an emergency security update on May 20. You cannot miss it

The Drupal Security Team announced an emergency core security update to be released on May 20 (5–9 p.m. UTC) that affects multiple supported branches and may be exploited within hours or days; site administrators are urged to reserve time to apply the patch immediately, update to specified intermediate versions where advised, and plan full upgrades for end-of-life or older versions to reduce exposure.