www.securityweek.com 5/21/2026, 11:01:23 AM · external

Drupal patches PostgreSQL SQL injection flaw CVE-2026-9082

Drupal patches PostgreSQL SQL injection flaw CVE-2026-9082
Developing story vulnerability 6 articles tracked
Drupal Core SQL injection flaw (CVE-2026-9082) exploited in the wild
CyberSIXT Evidence Panel
Primary Source drupal.org
CISA KEV Not in KEV
Patch Patch Status Unknown

DRUPAL has addressed a highly critical vulnerability (CVE-2026-9082) in its CMS, which could allow attackers to exploit PostgreSQL databases through crafted requests, leading to SQL injection risks. The flaw can be exploited without authentication, enabling information retrieval and potential privilege escalation. Patches are available for various Drupal versions, and it is advised to update all dependencies, as other vulnerabilities in Symfony and Twig were also addressed. This is the first highly critical vulnerability in years, contrasting with previous major vulnerabilities like 'Drupalgeddon.'

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline