securityaffairs.com 5/24/2026, 8:33:26 AM · external

CISA adds Drupal SQL flaw CVE-2026-9082 to KEV catalogue

CISA adds Drupal SQL flaw CVE-2026-9082 to KEV catalogue
Developing story vulnerability 6 articles tracked
Drupal Core SQL injection flaw (CVE-2026-9082) exploited in the wild
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Status Unknown

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Drupal Core, identified as CVE-2026-9082, to its Known Exploited Vulnerabilities catalog. This SQL injection vulnerability, which affects PostgreSQL databases, can be exploited by unauthenticated users to perform attacks such as data disclosure and privilege escalation. Following its discovery, there were over 15,000 exploitation attempts within two days, primarily targeting gaming and financial services.

CISA mandates federal agencies to address this vulnerability by May 27, 2026, while experts advise private organizations to review and secure their systems accordingly.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline