CVE-2026-9082

Known Exploited (CISA KEV)CRITICAL

9.9

CVSS Severity Score

EPSS Score40.2440%

EPSS Percentile93.21th

PublishedMay 22, 2026

Last ModifiedJun 12, 2026

Vulnerability Description

Drupal Core is vulnerable to Drupal Core SQL Injection Vulnerability. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Platforms (CPE)

📦

Drupal

Core

Refer to description

Related Vulnerabilities

CVE-1999-129310.0

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which cause...

CVE-1999-108610.0

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrat...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2001-014410.0

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client...