Drupal
Coverage of Drupal in the Nexus archive.
- CISA orders feds to patch actively exploited Drupal vulnerability
CISA has directed U.S. federal agencies to patch an SQL injection vulnerability in the Drupal CMS by Wednesday evening, as it is currently being actively exploited. The order emphasizes urgent action to secure government servers against potential attacks.
- Drupal: Critical SQL injection flaw now targeted in attacks
Drupal has issued a critical warning about a severe SQL injection vulnerability that is now being actively exploited by hackers. The flaw was announced earlier this week and poses significant security risks to systems running the platform.
- Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a highly critical vulnerability (CVE-2026-9082) in Drupal Core that could allow attackers to achieve remote code execution, privilege escalation, or information disclosure on PostgreSQL sites. The vulnerability has a CVSS score of 6.5 and resides in the database abstraction API.
- Drupal critical update to fix bug with high exploitation risk
Drupal has announced a core security release to fix a critical bug with high exploitation risk, warning that threat actors might develop exploits within hours of the update disclosure. The update is scheduled for later today. This bug poses a significant risk to Drupal users.
- Clear your calendar, Drupal user: You have a critically urgent patch to install
A critical vulnerability has been found in Drupal core, prompting the Drupal Security Team to warn users to install a patch immediately. The vulnerability is highly severe and could allow attackers to access or modify non-public data on affected sites. Patches will be released on Wednesday for all supported core branches.
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal will release urgent core security updates on May 20, 2026, and is advising sites to prepare for the update. The Drupal Security Team warns that exploits may be developed within hours or days. Sites are urged to reserve time for core updates from 5-9 p.m. UTC.