Once again, an RCE vulnerability emerges on Drupal’s core. This time it is targeting Drupal 8’s REST module, which is present, although disabled, by default.