CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-9082, a Drupal Core SQL Injection Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. The listing falls under Binding Operational Directive 22-01, which mandates remediation for federal agencies and urges all organizations to prioritize these vulnerabilities.
IFF Assessment
The addition of a new, actively exploited vulnerability to the KEV catalog means defenders must prioritize patching to mitigate an increased risk of attack.
Severity
SQL Injection vulnerabilities typically have a high CVSS score due to their potential for remote code execution and broad impact. CVE-2026-9082's classification as a Drupal Core SQL Injection Vulnerability suggests it could allow unauthenticated remote attackers to execute arbitrary SQL commands.
CISA KEV: Listed as actively exploited. Federal patch due: May 27, 2026. Known ransomware use: Unknown.
Defender Context
This alert highlights a critical vulnerability that is already being exploited in the wild, increasing the urgency for organizations to patch their Drupal instances. Defenders should monitor for any signs of exploitation and ensure their vulnerability management programs are actively tracking and prioritizing KEV catalog entries.
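One way to track KEV entries against an asset inventory and order the resulting work by deadline, as an added example that is not from CISA or the original page. The feed excerpt follows the field names of CISA's KEV JSON feed but is constructed: only the CVE ID, name, due date and ransomware value come from this alert, while the vendor/product split, the second entry, the inventory and the dates passed to `triage` are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. The second entry
# is a placeholder, not a real CVE.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-9082", "vendorProject": "Drupal", "product": "Core",
   "vulnerabilityName": "Drupal Core SQL Injection Vulnerability",
   "dueDate": "2026-05-27", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "ExampleApp", "vulnerabilityName": "Placeholder entry",
   "dueDate": "2026-06-10", "knownRansomwareCampaignUse": "Known"}
]}
""")

# Hypothetical asset inventory (hostnames and fields are assumptions).
INVENTORY = [
    {"host": "web-01.example.internal", "vendor": "drupal", "product": "core", "internet_facing": True},
    {"host": "intranet-02.example.internal", "vendor": "drupal", "product": "core", "internet_facing": False},
    {"host": "db-01.example.internal", "vendor": "postgresql", "product": "postgresql", "internet_facing": False},
]

def triage(feed, inventory, today):
    """Match KEV entries to inventory assets; return tickets, most urgent first."""
    tickets = []
    for vuln in feed["vulnerabilities"]:
        key = (vuln["vendorProject"].lower(), vuln["product"].lower())
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            if (asset["vendor"], asset["product"]) != key:
                continue
            tickets.append({
                "host": asset["host"], "cve": vuln["cveID"], "due": due,
                "days_left": (due - today).days, "overdue": today > due,
                "internet_facing": asset["internet_facing"],
                "ransomware": vuln["knownRansomwareCampaignUse"],
            })
    # Overdue first, then internet-facing assets, then earliest due date.
    tickets.sort(key=lambda t: (not t["overdue"], not t["internet_facing"], t["due"], t["host"]))
    return tickets

if __name__ == "__main__":
    for t in triage(KEV_FEED, INVENTORY, date(2026, 5, 20)):  # constructed "today"
        print(t["host"], t["cve"], "due", t["due"], f"({t['days_left']} days left)")
```

Matching on vendor and product only identifies candidate assets; confirming exposure still requires checking the installed Drupal version against the vendor's advisory.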