CISA Warns Drupal Core SQL Injection Vulnerability Is Being Exploited in Attacks

CISA warns of a critical, actively exploited SQL injection in Drupal Core (CVE-2026-9082) that allows unauthenticated attackers to execute malicious queries potentially leading to privilege escalation, data exposure, and remote code execution; the flaw was added to the KEV catalog and organizations are urged to apply patches, harden database access, and update WAF rules immediately.