HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical SQL Injection in Drupal Core (CVE‑2026‑9082) Added to CISA KEV Catalog Threatens PostgreSQL‑Backed Sites

CISA has placed Drupal Core CVE‑2026‑9082—a critical SQL injection affecting PostgreSQL‑backed sites—in its Known Exploited Vulnerabilities catalog after thousands of attacks were recorded across 65 countries. The flaw enables unauthenticated attackers to steal data, elevate privileges, or execute code, posing a high supply‑chain risk for organizations that host or depend on Drupal.

LiveThreat™ Intelligence · 📅 May 24, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
securityaffairs.com

Critical SQL Injection in Drupal Core (CVE‑2026‑9082) Added to CISA KEV Catalog Threatens PostgreSQL‑Backed Sites

What It Is – Drupal Core contains a high‑severity SQL injection (CVE‑2026‑9082) that allows unauthenticated attackers to inject arbitrary SQL on sites using PostgreSQL. The flaw resides in the query‑sanitisation API and can lead to data leakage, privilege escalation, or remote code execution.

Exploitability – CVSS 9.8 (Critical). CISA placed the flaw in its Known Exploited Vulnerabilities (KEV) catalog after observing thousands of exploitation attempts in the wild within 48 hours of disclosure. Public PoCs and scanner signatures are already available.

Affected Products – Drupal Core (all versions prior to the May 20 2026 patch) when configured with PostgreSQL as the backend database.

TPRM Impact – Organizations that rely on Drupal for public‑facing portals, intranets, or as a SaaS component face immediate supply‑chain risk. Compromise of a Drupal instance can expose customer data, credentials, and internal services, potentially cascading to downstream partners.

Recommended Actions

  • Verify that all Drupal installations are running the May 20 2026 security patch (or later).
  • Immediately apply the patch to any unpatched Drupal sites, prioritising those using PostgreSQL.
  • Conduct a rapid inventory of third‑party services that host Drupal‑based applications and confirm patch status.
  • Deploy Web Application Firewalls (WAF) with rules to block the known malicious request patterns identified by Imperva.
  • Review database logs for anomalous queries indicative of exploitation attempts.

Source: Security Affairs

📰 Original Source
https://securityaffairs.com/192566/uncategorized/u-s-cisa-adds-a-flaw-in-drupal-core-to-its-known-exploited-vulnerabilities-catalog.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →