HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical SQL Injection in Drupal Core (CVE‑2026‑9082) Actively Exploited, Added to CISA KEV

A critical SQL‑injection flaw (CVE‑2026‑9082) affecting all supported Drupal Core versions has been added to CISA's KEV catalog after evidence of active exploitation. Organizations that rely on Drupal‑powered websites—whether hosted internally or by third‑party providers—must treat this as a high‑priority supply‑chain risk.

LiveThreat™ Intelligence · 📅 May 23, 2026· 📰 thehackernews.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
thehackernews.com

Critical SQL Injection in Drupal Core (CVE‑2026‑9082) Actively Exploited, Added to CISA KEV

What It Is – A newly disclosed SQL‑injection flaw (CVE‑2026‑9082) affects all supported releases of Drupal Core. The vulnerability allows an unauthenticated attacker to inject arbitrary SQL commands, potentially exposing or modifying site data.

Exploitability – CISA has placed the bug in its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. A proof‑of‑concept exploit has been published, and the CVSS base score is 6.5 (Medium).

Affected Products – Drupal Core (all supported versions, including 9.x, 10.x, and the latest 11.x release).

TPRM Impact – Many enterprises rely on Drupal‑powered public‑facing sites, portals, and intranets supplied by third‑party agencies or SaaS providers. A breach could cascade to partner data, customer‑facing applications, and downstream services, raising supply‑chain risk.

Recommended Actions

  • Verify that the latest Drupal security patch (released 2026‑05‑20) is applied to every Drupal instance.
  • Conduct an immediate inventory of all Drupal‑based assets across your vendor ecosystem.
  • Run web‑application firewalls (WAF) with rules that block typical SQL‑i payloads for any unpatched sites.
  • Request proof of remediation from third‑party service providers that host or manage Drupal sites on your behalf.
  • Update your vulnerability‑management program to treat KEV‑listed items as “high‑priority” for 48‑hour remediation.

Source: The Hacker News – Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

📰 Original Source
https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →