The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-9082, a highly critical SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities (KEV) catalog on May 22, 2026. CVE-2026-9082 stems from a breakdown of input sanitization within Drupal’s PostgreSQL EntityQuery condition handler (pgsql/src/EntityQuery/Condition.php), specifically when processing array structures passed via HTTP requests. Drupal SQL Injection […]
The post CISA Warns of Exploited Drupal SQL Injection Flaw appeared first on Cyber Security News.