Drupal Core SQL Injection Under Active Mass Exploitation Added to CISA KEV (CVE-2026-9082)
Scope: Drupal Core (All Supported Versions Using PostgreSQL Backend)
Severity: Red
A highly critical SQL injection vulnerability (internal severity score 23 out of 25) in Drupal Core's PostgreSQL database abstraction API allows unauthenticated remote attackers to inject arbitrary SQL commands by manipulating array keys in HTTP requests sent to JSON:API and Views endpoints. Successful injection enables privilege escalation, sensitive data extraction, and potential remote code execution.
Active exploitation began within 48 hours of the patch release on May 20, 2026. Imperva tracked over 15,000 attack attempts against nearly 6,000 Drupal sites across 65 countries within two days, prompting CISA to add the vulnerability to the KEV catalog with a federal remediation deadline of May 27, 2026.
Organizations must immediately apply Drupal's SA-CORE-2026-004 patch for their branch; MySQL, MariaDB, and SQLite backends are not affected. As an additional layer of defense, deploy WAF rules targeting JSON:API and Views request patterns.
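The following log-triage heuristic is an added example, not part of the advisory and not a Drupal or vendor signature. It supports the WAF recommendation above by flagging requests whose bracketed query-parameter keys contain unexpected characters. The `/jsonapi` prefix, the allowed-character set, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: JSON:API at Drupal's default /jsonapi prefix; add your Views paths.
WATCHED_PREFIXES = ("/jsonapi",)
# Assumption: legitimate bracketed keys are identifiers, field paths or indexes.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_.:-]*")
WELL_FORMED = re.compile(r"[^\[\]]*(?:\[[^\[\]]*\])+")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

# Constructed sample access-log lines (documentation IP range).
SAMPLE_LOG = [
    '203.0.113.10 - - [21/May/2026:10:00:01 +0000] "GET /jsonapi/node/article?filter[status][value]=1&page[limit]=10 HTTP/1.1" 200 512',
    '203.0.113.77 - - [21/May/2026:10:00:05 +0000] "GET /jsonapi/node/article?filter[title%27%20x][value]=1 HTTP/1.1" 200 128',
    '203.0.113.10 - - [21/May/2026:10:00:09 +0000] "GET /node/1?a[b%27]=1 HTTP/1.1" 200 900',
]

def suspicious_keys(target):
    """Return decoded key segments (or whole malformed keys) worth reviewing."""
    parts = urlsplit(target)
    if not parts.path.startswith(WATCHED_PREFIXES):
        return []
    bad = []
    for pair in parts.query.split("&"):
        # Split on '=' before decoding so an encoded '=' stays inside the key.
        name = unquote(pair.split("=", 1)[0].replace("+", " "))
        if "[" not in name and "]" not in name:
            continue  # scalar parameter, no array keys to inspect
        if not WELL_FORMED.fullmatch(name):
            bad.append(name)  # unbalanced or nested brackets
            continue
        for segment in re.findall(r"\[([^\[\]]*)\]", name):
            if not SAFE_SEGMENT.fullmatch(segment):
                bad.append(segment)
    return bad

def scan(lines):
    """Return (client_ip, flagged_keys) for each log line with a finding."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        bad = suspicious_keys(m.group(1)) if m else []
        if bad:
            hits.append((line.split()[0], bad))
    return hits

if __name__ == "__main__":
    for ip, keys in scan(SAMPLE_LOG):
        print(ip, keys)
```

The check reads query strings only, so parameters carried in request bodies will not appear in access logs and need inspection at the WAF or application layer.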
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.