CISA has added CVE-2026-9082, a critical SQL injection flaw in Drupal Core, to its KEV catalog after evidence of active exploitation. Imperva reported more than 15,000 attack attempts against nearly 6,000 sites in 65 countries, with gaming and financial services sites among the main targets. #DrupalCore #CVE-2026-9082 #Imperva #CISA
Keypoints
- CISA added CVE-2026-9082 to its Known Exploited Vulnerabilities catalog.
- The flaw is a SQL injection issue affecting all supported Drupal Core versions.
- Successful exploitation could lead to privilege escalation and remote code execution.
- Drupal released fixes just before exploitation was confirmed in the wild.
- Imperva observed over 15,000 attack attempts across nearly 6,000 sites in 65 countries.
Read More: https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html