AI description
CVE-2026-9082 is a SQL injection vulnerability found within the database abstraction API of Drupal core. This flaw specifically impacts Drupal websites that utilize PostgreSQL databases. An attacker can exploit this vulnerability by sending specially crafted requests, which can lead to arbitrary SQL injection. Successful exploitation of CVE-2026-9082 can result in information disclosure, and in some cases, privilege escalation or remote code execution. This vulnerability can be exploited by anonymous users. The security updates released for this issue also include fixes for upstream dependencies like Symfony and Twig.
- Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.
- Source: mlhess@drupal.org
- NVD status: Deferred
CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 2.5
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity: MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 20
Critical vulnerability in Drupal (SA-CORE-2026-004, CVE-2026-9082) https://t.co/ewtcPe8zwO
@abclinuxu
21 May 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-9082 Drupal core SQL injection https://t.co/tXNX2vDXek https://t.co/DKlMy016cM
@h4x0r_dz
20 May 2026
15860 Impressions
46 Retweets
266 Likes
105 Bookmarks
0 Replies
0 Quotes
Drupal core highly critical security update (CVE-2026-9082) https://t.co/LzB0UHVh3L
@getpantheon
20 May 2026
218 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes