SECURITYTHE HACKER NEWS
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.
Mentioned
Related Signal
Adjacent reporting
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
- Drupal: Critical SQL injection flaw now targeted in attacks