Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

The Hacker News·21. Mai 2026, 03:44

Originalartikel lesen bei The Hacker News

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out...

Vollständigen Artikel lesen bei The Hacker News

8 Quellen berichten

Primärquellen

CISA Adds One Known Exploited Vulnerability to Catalog
CISA Current Activity · vor 4 Tagen

Weitere Quellen

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
SecurityWeek · vor 7 Tagen
Drupal critical update to fix bug with high exploitation risk
BleepingComputer · vor 6 Tagen
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
SecurityWeek · vor 5 Tagen
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
SecurityWeek · vor 4 Tagen
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The Hacker News · vor 4 Tagen
+ 1 weitere…

Erwähnte CVEs (1)

CVE-2026-9082MEDIUM(6.5)

KEVEPSS 17%

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

Details NVD

Verwandte Artikel