{"uuid": "47aed6c7-7d99-4eb2-b92e-ab677073fe57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9082", "type": "seen", "source": "https://t.me/thehackernews/9066", "content": "\ud83d\udea8 Drupal Core SQL injection is now actively exploited.\n\nhttps://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html\n\nCISA added CVE-2026-9082 to its KEV catalog after exploitation was detected in the wild.\n\nImperva observed:\n\u2022 15,000+ attack attempts\n\u2022 Nearly 6,000 targeted sites\n\u2022 Activity across 65 countries\n\u2022 Gaming and financial services sites hit hardest, at nearly 50% of attacks\n\nThe flaw affects all supported Drupal Core versions and could allow privilege escalation and remote code execution via specially crafted requests.\n\nPatch now:\n\u2022 Drupal 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, 10.4.10.\n\u2022 Drupal 9.5 and 8.9 require manual patching.", "creation_timestamp": "2026-05-23T07:26:46.000000Z"}