A vulnerability labeled as problematic has been found in Drupal Canvas up to 1.4.1/1.5.1/1.6.0/1.7.0. This impacts an unknown function. Executing a manipulation can lead to cross site scripting.

This vulnerability is handled as CVE-2026-58587. The attack can be executed remotely. There is not any exploit available.