Dossier
Drupal Core
Coverage of Drupal Core in the Nexus archive.
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.
- Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a highly critical vulnerability (CVE-2026-9082) in Drupal Core that could allow attackers to achieve remote code execution, privilege escalation, or information disclosure on PostgreSQL sites. The vulnerability has a CVSS score of 6.5 and resides in the database abstraction API.