www.securityweek.com 5/22/2026, 5:32:12 PM · external

Drupal Critical SQL Flaw CVE-2026-9082 Prompts Urgent Patch

Drupal Critical SQL Flaw CVE-2026-9082 Prompts Urgent Patch
Developing story vulnerability 6 articles tracked
Drupal Core SQL injection flaw (CVE-2026-9082) exploited in the wild
CyberSIXT Evidence Panel
Primary Source drupal.org
CISA KEV Not in KEV
Patch Patch Status Unknown

DRUPAL has issued a warning regarding CVE-2026-9082, a critical vulnerability that impacts its API for database query sanitization, potentially allowing SQL injection attacks. This flaw can be exploited by unauthenticated attackers, leading to information exposure, privilege escalation, or remote code execution. Approximately 5% of Drupal sites using PostgreSQL might be affected, prompting a quick patch release on May 20.

An uptick in exploitation attempts has been observed, with over 15,000 targeting nearly 6,000 sites globally, predominantly in gaming and financial sectors. Despite the rarity of highly critical vulnerabilities in Drupal in recent years, the risk level for CVE-2026-9082 has now increased, indicating urgent action needed from affected site administrators.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline