There will be a security release of Drupal Core 8.9.x, and 9.1.x on May 26th, 2021 between 16:00 - 18:00 UTC. This Public Service Advisory is to notify that the Drupal core release is outside of the regular schedule of security releases. For all security updates, the Drupal Security Team urges you to reserve time for core updates at that time because there is some risk that exploits might be developed within hours or days. Security release announcements will appear on the Drupal.org security advisory page.

The security risk of the advisory is currently rated as Moderately Critical.
This is not a mass-exploitable vulnerability as far as the security team is currently aware.

Given that this is a moderately critical vulnerability and is not believed to be mass exploitable it is not covered by Drupal Steward partners.