{"id":1025,"date":"2026-05-23T09:10:02","date_gmt":"2026-05-23T09:10:02","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1025"},"modified":"2026-05-23T09:10:02","modified_gmt":"2026-05-23T09:10:02","slug":"drupal-core-sql-injection-bug-actively-exploited-added-to-cisa-kev","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1025","title":{"rendered":"Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>May 23, 2026<\/span><\/span>Vulnerability \/ Website Security<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added<\/a> a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV<\/a>) catalog, based on evidence of active exploitation.<\/p>\n

The vulnerability in question is CVE-2026-9082<\/b> (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.<\/p>\n

\u00abDrupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API,\u00bb CISA said.<\/p>\n

News of exploitation arrives less than two days after Drupal released fixes for the flaw. It’s currently not known how the vulnerability is being exploited, and what the end goals of those attacks are.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

Patches are available for the following versions –<\/p>\n