{“lastseen”:”2026-05-23T07:31:07″,”description”:”\\n\\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\\n\\nThe vulnerability in question is **CVE-2026-9082** (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.\\n\\n\\”Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API,\\” CISA said.\\n\\nNews of exploitation arrives less than two days after Drupal released fixes for the flaw. It’s currently not known how the vulnerability is being exploited, and what the end goals of those attacks are.\\n\\nPatches are available for the following versions -\\n\\n * Drupal 11.3.10\\n * Drupal 11.2.12\\n * Drupal 11.1.10\\n * Drupal 10.6.9\\n * Drupal 10.5.10\\n * Drupal 10.4.10\\n * Drupal 9.5 (Manual patching required)\\n * Drupal 8.9 (Manual patching required)\\n\\n\\n\\nIn an update to its advisory on May 22, 2026, Drupal acknowledged that \\”exploit attempts are now being detected in the wild.\\” Thales-owned Imperva said it has observed over 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries.\\n\\n\\”Attacks are primarily targeting gaming and financial services sites so far, at collectively almost 50% of all attacks,\\” the company said. \\”Most of the observed activity so far appears to be probing.\\”\\n\\n\\”This pattern suggests attackers and scanners are primarily attempting to identify exposed Drupal sites running vulnerable PostgreSQL-backed configurations. While the activity is currently dominated by reconnaissance and validation, the nature of the vulnerability means successful exploitation could quickly move from probing to data extraction or privilege escalation.\\”\\n\\nFederal Civilian Executive Branch (FCEB) agencies have been recommended to apply the fixes by May 27, 2026, for optimal protection.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-05-23T07:23:00″,”modified”:”2026-05-23T07:23:48″,”type”:”thn”,”title”:”Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV”,”source”:””,”references”:””,”id”:”THN:090748905BCD2E05CB2679EBE28F1EAD”,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-9082″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/05\/drupal-core-sql-injection-bug-actively.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-23T07:31:07″,”description”:”\\n\\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV)…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,11,43,5],"class_list":["post-56491","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n