Skip to content
The Nexus
DossierENTITY

Drupal

Coverage of Drupal in the Nexus archive.

Earliest in view: May 19 · 10:44 UTCMost recent: May 26 · 08:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 26 · 08:46 UTCBLEEPING COMPUTER
    CISA orders feds to patch actively exploited Drupal vulnerability

    CISA has directed U.S. federal agencies to patch an SQL injection vulnerability in the Drupal CMS by Wednesday evening, as it is currently being actively exploited. The order emphasizes urgent action to secure government servers against potential attacks.

  • SECURITYMay 22 · 13:14 UTCBLEEPING COMPUTER
    Drupal: Critical SQL injection flaw now targeted in attacks

    Drupal has issued a critical warning about a severe SQL injection vulnerability that is now being actively exploited by hackers. The flaw was announced earlier this week and poses significant security risks to systems running the platform.

  • SECURITYMay 21 · 03:44 UTCTHE HACKER NEWS
    Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

    Drupal has released security updates for a highly critical vulnerability (CVE-2026-9082) in Drupal Core that could allow attackers to achieve remote code execution, privilege escalation, or information disclosure on PostgreSQL sites. The vulnerability has a CVSS score of 6.5 and resides in the database abstraction API.

  • SECURITYMay 20 · 12:52 UTCBLEEPING COMPUTER
    Drupal critical update to fix bug with high exploitation risk

    Drupal has announced a core security release to fix a critical bug with high exploitation risk, warning that threat actors might develop exploits within hours of the update disclosure. The update is scheduled for later today. This bug poses a significant risk to Drupal users.

  • SECURITYMay 19 · 15:56 UTCTHE REGISTER
    Clear your calendar, Drupal user: You have a critically urgent patch to install

    A critical vulnerability has been found in Drupal core, prompting the Drupal Security Team to warn users to install a patch immediately. The vulnerability is highly severe and could allow attackers to access or modify non-public data on affected sites. Patches will be released on Wednesday for all supported core branches.

  • SECURITYMay 19 · 10:44 UTCTHE HACKER NEWS
    Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

    Drupal will release urgent core security updates on May 20, 2026, and is advising sites to prepare for the update. The Drupal Security Team warns that exploits may be developed within hours or days. Sites are urged to reserve time for core updates from 5-9 p.m. UTC.

Drupal · Dossier · The Nexus