CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)

**Executive Summary:** A highly critical SQL injection (CVE-2026-9082) in Drupal core's database abstraction API affects sites using PostgreSQL; unauthenticated attackers can exploit crafted requests to disclose, modify, or delete data, and proof-of-concept and patch diffs were publicly shared the day of disclosure with observed exploitation attempts reported shortly after, prompting coordinated fixes across multiple Drupal releases and inclusion in CISA's KEV.