What does upgrading Drupal 10.3.14 to 10.4.10 fix?

Upgrading Drupal from 10.3.14 to 10.4.10 clears 5 known vulnerabilities (1 critical), including 1 under active exploitation (CISA KEV). 2 known issues remain in 10.4.10.

← Drupal

Drupal: 10.3.14 → 10.4.10

Drupal · upgrade impact · Official site ↗

From10.3.147 known issues To10.4.102 known issues

Fixed by upgrading to 10.4.10 iVulnerabilities that affect 10.3.14 but no longer affect 10.4.10 — the security gain from this upgrade, by exploited status then exploitation probability.

Exploited first, then by exploitation probability (EPSS).

CVE-2026-9082 CRITICAL ● exploited EPSS 10% ✓ cleared in 10.4.10 CVE-2025-13081 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13080 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13082 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13083 LOW EPSS 0% ✓ cleared in 10.4.10

Still open in 10.4.10 iKnown vulnerabilities that affect 10.4.10 too — upgrading to it does not clear these.

These affect 10.4.10 as well — a later release may be needed.

CVE-2026-6366 MEDIUM EPSS 0% → fixed in 11.3.7 CVE-2026-6365 MEDIUM EPSS 0% → fixed in 11.3.7