Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure The post Drupal Vulnerability in Hacker Cross…

CVE-2026-9082 | Drupal PostgreSQL SQL Injection

CVE-2026-9082 is a highly critical SQL injection vulnerability affecting Drupal core sites configured to use PostgreSQL as the backend database. The vulnerability exists in Drupal’s database abstraction API, where specially crafted requests can bypass query sanitization and result in arbitrary SQL injection. The issue is reachable by anonymous users and requires no authentication or prior… Source

CVE-2026-9082: Critical Drupal Core SQL Injection Vulnerability

A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL.Key TakeawaysCVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API that can be exploited by unauthenticated attackers on sites using PostgreSQL.No exploitation has been observed in the wild, but a detection PoC was published on the same day as the advisory and the patch diff…

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.