Drupal says it is already seeing exploitation attempts against CVE-2026-9082, a highly critical flaw affecting an API used to prevent SQL injection in PostgreSQL-backed sites. Imperva has observed more than 15,000 attempts targeting nearly 6,000 sites worldwide, with the activity focused largely on reconnaissance and validation. #Drupal #CVE-2026-9082 #Imperva #PostgreSQL
Keypoints
- Drupal has warned that CVE-2026-9082 is already being actively targeted.
- The flaw affects an API meant to sanitize database queries against SQL injection.
- Unauthenticated attackers can use the issue to inject SQL on PostgreSQL sites.
- Exploitation may lead to information disclosure, privilege escalation, or remote code execution.
- Imperva detected more than 15,000 attempts across nearly 6,000 sites in 65 countries.
Read More: https://www.securityweek.com/drupal-vulnerability-in-hacker-crosshairs-shortly-after-disclosure/