THREATOPS
THREAT OPSCVEs › CVE-2026-9082

CVE-2026-9082 — Drupal Core SQL Injection Vulnerability

CISA KEVExploited: confirmedDrupal

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

Vulnerability details

Related reporting