Drupal has released critical updates for vulnerability in Drupal 8.x and 7.x. An attacker could exploit this vulnerability and take control over the system.
National CERT recommends all users to apply the updates. For more details please visit Drupal's Security Advisory.