CISA Adds One Known Exploited Vulnerability to Catalog

CISA Current Activity·22. Mai 2026, 12:00

Originalartikel lesen bei CISA Current Activity

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-9082 Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to...

MITRE ATT&CK Kill Chain (1 Techniken)

Resource Development

T1588.006

Vulnerabilities

Vollständigen Artikel lesen bei CISA Current Activity

8 Quellen berichten

Weitere Quellen

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
SecurityWeek · vor 7 Tagen
Drupal critical update to fix bug with high exploitation risk
BleepingComputer · vor 6 Tagen
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
The Hacker News · vor 6 Tagen
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
SecurityWeek · vor 5 Tagen
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
SecurityWeek · vor 4 Tagen
+ 2 weitere…

Erwähnte CVEs (1)

CVE-2026-9082MEDIUM(6.5)

KEVEPSS 17%

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

Details NVD

MITRE ATT&CK Kill Chain (1 Techniken)

Verwandte Artikel