Drupal has released security updates for CVE-2026-9082, a critical flaw in Drupal Core that can enable SQL injection on PostgreSQL-backed sites and may lead to information disclosure, privilege escalation, or remote code execution. The issue affects only Drupal sites using PostgreSQL and can be exploited by anonymous users. Fixes are available in multiple supported releases, and manual patches are provided for end-of-life versions. #Drupal #CVE-2026-9082 #PostgreSQL #Symfony #Twig
Key Points
- Drupal patched CVE-2026-9082 in Drupal Core.
- The flaw impacts sites using PostgreSQL databases.
- Attackers can trigger arbitrary SQL injection through crafted requests.
- Exploitation may cause information disclosure, privilege escalation, or remote code execution.
- Updates are available for supported versions, with manual patches for Drupal 8 and Drupal 9.
Read More: https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html