Drupal version 6.2 was released today, fixing a number of bugs and some important security issues. The security flaw is considered to be "moderately critical," and is described on the Drupal website as follows:

The menu system routes page requests to appropriate handlers. It also determines whether a user has access to pages based on several criteria, such as permissions assigned to a role. Drupal 6 features an entirely revised menu system, including changes to the way access is dealt with, which if not properly understood by developers can lead to vulnerabilities. This security release provides a more secure access behaviour by default, and fixes incorrectly set menu items in Drupal core.

Users of Drupal 6.0 or 6.1 are encouraged to upgrade to 6.2 as soon as possible. This security issue doesn't affect users of Drupal's legacy branch, currently at 5.7.