CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-9082

criticalknown exploitedpublic exploitcovered by 2 sourcesfirst seen 2026-05-20
Actively exploited. CVE-2026-9082 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-05-22) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Public exploit code is available. Proof-of-concept or working exploit code for CVE-2026-9082 is indexed in Exploit-DB, GitHub PoC and Nuclei. Expect opportunistic scanning and exploitation attempts — prioritize remediation.
Project: Drupal core Date: 2026-May-20 Security risk: Highly critical 23 ∕ 25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:Uncommon Vulnerability: SQL injection Affected versions: >= 8.9.0 < 10.4.10 || >= 10.5.0 < 10.5.10 || >= 10.6.0 < 10.6.9 || >= 11.0.0 < 11.1.10 || >= 11.2.0 < 11.2.12 || >= 11.3.0 < 11.3.10 CVE IDs: CVE-2026-9082 Description: Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks. This vulnerability can be exploited by anonymous users. This SQL injection vulnerability only affects sites using PostgreSQL . However, the third-party dependency updates in these releases apply to all sites. Updates May 22 2026, 04:30 UTC: The risk score has been updated to reflect that exploit attempts are now being detected in the wild. Upstream security advisories The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities. Depending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not . It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules. Solution: Install the latest version. Drupal 11 If you use Drupal 11.3.x, update to Drupal 11.3.10 . If you use Drupal 11.2.x, update to Drupal 11.2.12 . If you use Drupal 11.1.

CSIRTS triage

vendor: Drupalproduct: Drupal coreSQL injectionaffected: >= 8.9.0 < 10.4.10 || >= 10.5.0 < 10.5.10 || >= 10.6.0 < 10.6.9 || >= 11.0.0 < 11.1.10 || >= 11.2.0 < 11.2.12 || >= 11.3.0 < 11.3.10
What
A SQL injection vulnerability allows attackers to execute arbitrary SQL queries.
Who is affected
Deployments of affected Drupal versions using PostgreSQL are at risk.
Urgency
Remediation is critical due to active exploitation and high severity.
Action
Upgrade to a patched version of Drupal core.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-9082

Get an email if CVE-2026-9082 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Exploit availability

Public exploit or proof-of-concept code for CVE-2026-9082 is indexed in these free datasets. Available exploit code raises real-world risk independent of the CVSS score.

Advisory coverage (2)

External references

NVD record for CVE-2026-9082

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2026-9082 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-9082 status](https://www.csirts.com/badge/CVE-2026-9082)](https://www.csirts.com/cve/CVE-2026-9082)