{"id":"DRUPAL-CONTRIB-2026-033","details":"This module enables you to obfuscate email addresses in content.\n\nThe module doesn't sufficiently sanitize user input via the Twig filter.\n\nThis vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using the module's Twig filter.","aliases":["CVE-2026-6871"],"modified":"2026-04-22T19:08:01.494711Z","published":"2026-04-22T17:47:43Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2026-033"}],"affected":[{"package":{"name":"drupal/obfuscate","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/obfuscate"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.2"}],"database_specific":{"constraint":"\u003c2.0.2"}}],"database_specific":{"affected_versions":"\u003c2.0.2","source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/obfuscate/DRUPAL-CONTRIB-2026-033.json"}}],"schema_version":"1.7.5","credits":[{"name":"Pierre Rudloff (prudloff)","contact":["https://www.drupal.org/u/prudloff"]}]}