DRUPAL has addressed a highly critical vulnerability (CVE-2026-9082) in its CMS, which could allow attackers to exploit PostgreSQL databases through crafted requests, leading to SQL injection risks. The flaw can be exploited without authentication, enabling information retrieval and potential privilege escalation. Patches are available for various Drupal versions, and it is advised to update all dependencies, as other vulnerabilities in Symfony and Twig were also addressed. This is the first highly critical vulnerability in years, contrasting with previous major vulnerabilities like 'Drupalgeddon.'
Drupal patches PostgreSQL SQL injection flaw CVE-2026-9082
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Drupal SQL Injection Bug Exploited Live, Extortion Tactics Surge
cybersixt.com
-
CISA adds Drupal SQL flaw CVE-2026-9082 to KEV catalogue
cybersixt.com
-
Critical Drupal SQLi flaw exposes thousands of PostgreSQL sites
cybersixt.com
-
Drupal Core Critical Flaw CVE-2026-9082 Allows RCE
cybersixt.com
-
Drupal Critical SQL Flaw CVE-2026-9082 Prompts Urgent Patch
cybersixt.com
-
Drupal patches PostgreSQL SQL injection flaw CVE-2026-9082
www.securityweek.com