Thehackernews
Critical SQL Injection Vulnerability in Drupal Core Actively Exploited
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core has been identified, affecting multiple supported versions. The vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary SQL queries, leading to potential information disclosure and privilege escalation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that this flaw is being actively exploited in the wild and has added it to its Known Exploited Vulnerabilities (KEV) catalog. Users of affected Drupal versions are urged to update immediately to the latest patched versions to mitigate risks. The vulnerability impacts Drupal core versions from 8.9.0 to 11.3.10. CISA's alert emphasizes the urgency of addressing this flaw to protect organizations from potential attacks.
Key Points: • CVE-2026-9082 is a critical SQL injection vulnerability in Drupal Core with a CVSS score of 9.8. • The vulnerability allows unauthenticated attackers to execute malicious SQL queries, risking data exposure. • CISA has confirmed active exploitation and added the vulnerability to its Known Exploited Vulnerabilities catalog.