SECURITYTHE HACKER NEWS
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a highly critical vulnerability (CVE-2026-9082) in Drupal Core that could allow attackers to achieve remote code execution, privilege escalation, or information disclosure on PostgreSQL sites. The vulnerability has a CVSS score of 6.5 and resides in the database abstraction API.