Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Summary

CISA has added a critical SQL injection vulnerability in Drupal Core, CVE-2026-9082, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS score of 6.5, is actively being exploited in the wild and affects all supported versions of Drupal Core.

IFF Assessment

FOE

The active exploitation of a critical vulnerability in a widely used content management system poses a significant threat to organizations that rely on Drupal for their web presence.

Severity

6.5 Medium

The CVSS score of 6.5 indicates a moderate to high severity, reflecting the potential for attackers to inject malicious SQL code to manipulate the database, potentially leading to data theft or unauthorized access.

CISA KEV: Listed as actively exploited. Federal patch due: May 27, 2026. Known ransomware use: Unknown.

Defender Context

Defenders must prioritize patching or mitigating this SQL injection vulnerability in Drupal Core immediately, as it is already being actively exploited. Organizations should also review their systems for any signs of compromise related to this CVE and ensure robust input validation and parameterized queries are in place to prevent future SQL injection attacks.
