SQL Injection Vulnerability in Drupal Core by Drupal
CVE-2026-9082
Key Information:
- Vendor: Drupal
- Status: Vendor
- CVE Published: 20 May 2026
What is CVE-2026-9082?
CVE-2026-9082 is a significant SQL Injection vulnerability found within the Drupal Core, which is the underlying system for the Drupal content management framework. This vulnerability arises from the improper handling of special characters used in SQL commands, enabling attackers to execute arbitrary SQL queries. Drupal is widely utilized for building and managing websites and digital content, making its security crucial for organizations relying on this platform. If exploited, this vulnerability could allow malicious actors to gain unauthorized access to sensitive data, manipulate database content, and potentially take control over affected systems, leading to severe operational disruptions and data integrity issues.
Potential impact of CVE-2026-9082
- Data Breach Risk: Exploitation of this vulnerability can lead to unauthorized access to sensitive information stored in the database, increasing the chances of data theft, exposure, or manipulation.
- System Compromise: Attackers could leverage SQL injection to execute malicious commands or retrieve sensitive data, leading to a full compromise of the application and its hosting environment.
- Operational Disruption: The successful exploitation of this vulnerability could result in significant downtime, data loss, and resource allocation to recovery efforts, impacting an organization's reputation and continuity.
CISA has reported CVE-2026-9082
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-9082 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Drupal core 8.9.0 < 10.4.10
Drupal core 10.5.0 < 10.5.10
Drupal core 10.6.0 < 10.6.9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited.
3 weeks ago
CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks - IT Security News
CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, affects Drupal's database abstraction API and could allow…
3 weeks ago
EPSS Score
33% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 🦅 CISA Reported
- 📈 Vulnerability started trending
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by It Security News
- Vulnerability published
- Vulnerability Reserved
