CISA Adds Drupal SQL Injection CVE-2026-9082 to KEV

CISA added Drupal Core SQL injection CVE-2026-9082 to its Known Exploited Vulnerabilities list after signs of active exploitation; Imperva logged 15,000+ probes against nearly 6,000 sites.

The U.S. Cybersecurity and Infrastructure Security Agency added Drupal Core SQL injection vulnerability CVE-2026-9082 to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation and large-scale probing. The flaw carries a CVSS score of 6.5 and affects all supported versions of Drupal Core.

CISA described the issue as “Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.” SQL injection vulnerabilities let attackers alter database queries and can lead to data theft or remote control of affected servers if exploited.

Drupal released fixes less than two days before CISA’s KEV addition and updated its advisory on May 22, 2026 to report exploit attempts in the wild. Patches are available for Drupal 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10 and 10.4.10; administrators running Drupal 9.5 and 8.9 must apply manual patches.

Security vendor Imperva reported observing more than 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries. The company noted that gaming and financial services sites accounted for nearly half of the attempts and that most of the activity appears to be probing and validation rather than confirmed large-scale compromises.

Researchers observed that scanners are focusing on Drupal installations that use PostgreSQL-backed configurations, indicating attackers are checking for specific deployment patterns that expose the SQL injection. Federal Civilian Executive Branch agencies were advised to apply available fixes by May 27, 2026.

Operators of affected sites are advised to install released updates or apply manual patches, review logs for suspicious activity, restrict access to administration endpoints, and verify database access controls and backups in case of successful exploitation.

CISA’s KEV listing followed reports of active targeting and widespread scanning. Security teams should monitor vendor advisories for further technical guidance.
