Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Related breach coverage

• CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
  2026-05-23

  Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

• Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
  2026-05-21

  CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.

• Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
  2026-05-22

  Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure appeared first on SecurityWeek.

• Cisco Patches Critical Vulnerability in Secure Workload
  2026-05-21

  Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.