The Drupal Security Team has officially released SA-CORE-2026-004, patching a highly critical SQL injection vulnerability (CVE-2026-9082) that affects Drupal core’s database abstraction API across nearly all supported and legacy versions. Rated 20 out of 25 on Drupal’s severity scale with the attack vector profile AC:None/A:None/CI:All/II:All/E:Theoretical/TD: Uncommon, the flaw requires zero authentication to exploit and can expose the full confidentiality […]
The post Critical Drupal Core Vulnerability Exposes Websites to Attacks appeared first on Cyber Security News.