Drupal critical update to fix bug with high exploitation risk

Drupal announced a critical core security release scheduled for May 20 (17:00–21:00 UTC) affecting Drupal core 8 and later and strongly urged administrators to update (recommended minimum: 10.6). Security updates will be provided for multiple 10.x/11.x releases, with hotfixes available for certain end-of-life 8.9 and 9.5 builds; no technical details have been published and Drupal warned that threat actors could develop exploits within hours, so sites should monitor the official security portal and apply updates immediately.