Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Updated on May 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.

“Drupal Core…

Read the rest of the story at Read More

Source: The Hacker News

January 27, 2025 Uncategorized

GitHub Desktop Vulnerability Risks Crede...

December 14, 2023 Uncategorized

Reimagining Network Pentesting With Auto...

June 10, 2025 Uncategorized

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Related posts

GitHub Desktop Vulnerability Risks Crede...

Reimagining Network Pentesting With Auto...

Rare Werewolf APT Uses Legitimate Softwa...

Leave a Comment Cancel reply

Recent News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective