{"uuid": "8b8f9fb4-4e3c-4e6d-95d4-4ee6d5130f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9082", "type": "seen", "source": "https://gist.github.com/ichintu/359881223056c94c8d0fd97d9eb10797", "content": "CVE\u20112026\u20119082 is a highly critical SQL injection flaw in Drupal Core\u2019s database abstraction API that targets the PostgreSQL EntityQuery condition handler. The vulnerability allows unauthenticated attackers to execute arbitrary SQL commands. It was disclosed on May\u202f24\u202f2026, just a couple of hours and minutes ago. For full details, see the CVE entry () and the related CVE\u20112005 report (). Additional context is available in the article ().", "creation_timestamp": "2026-05-24T16:00:44.000000Z"}