HIGHVulnerability
Verified
Global

CISA KEV: Drupal Core — Drupal Core SQL Injection Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

Analysis

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. Added to CISA Known Exploited Vulnerabilities catalog on 2026-05-22. Remediation due: 2026-05-27.

Indicators of Compromise (1)

CVE (1)
CVE-2026-9082
NVDMITRE CVE
Source Attribution

Originally published by CISA KEV on May 22, 2026. Verified by: CISA.

Related Threats

LOWVulnerabilityNEW

CISA to allow researchers to report vulnerabilities to exploited bugs catalog

The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog.

The Record
MEDIUMVulnerability

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Schneier on Security
MEDIUMVulnerability

Europe Again Delays Digital Sovereignty Push

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/europe-again-delays-digital-sovereignty-bill-image_small-1-a-31760.jpg" align=right hspace=4><b>The Package Is Either Not Yet Ready or Bumping Up Against American Objections</b><br>Europe for the third time delayed presenting its long-awaited Tech Sovereignty Package, legislation aimed at weaning the continent off American technol

Bank Info Security