securityaffairs.com 5/23/2026, 5:30:56 PM · external

Critical Drupal SQLi flaw exposes thousands of PostgreSQL sites

Critical Drupal SQLi flaw exposes thousands of PostgreSQL sites
Developing story vulnerability 6 articles tracked
Drupal Core SQL injection flaw (CVE-2026-9082) exploited in the wild
CyberSIXT Evidence Panel
Primary Source drupal.org
CISA KEV Listed in KEV
Patch Patch Status Unknown

DRUPAL has issued a critical security patch for a SQL injection vulnerability (CVE-2026-9082) that allows unauthorized attackers to compromise PostgreSQL-based sites. Exploit attempts were observed within 48 hours post-release, targeting nearly 6,000 sites across 65 countries, primarily in the gaming and financial sectors. Although only about 5% of Drupal installations use PostgreSQL, the widespread nature of the web means thousands are still at risk.

The vulnerability can lead to serious issues including data disclosure and remote code execution. Administrators of affected sites are urged to apply the patch immediately.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline