CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites
ID: 93598c11-a4cc-568d-8cfa-7eed7316a800
STIX ID: report--93598c11-a4cc-568d-8cfa-7eed7316a800
Feed Name: SOC Prime Blog
Drupal disclosed CVE-2026-9082, a PostgreSQL-specific SQL injection in Drupal Core's database abstraction API that is exploitable by anonymous users. Successful exploitation can disclose sensitive data and, depending on configuration, lead to privilege escalation or remote code execution. Drupal published fixed releases for affected branches (e.g., 11.3.10, 10.6.9) and advises immediate patching, inventorying sites that use PostgreSQL, and prioritizing public-facing installations. No public PoC or wide exploit telemetry has been published.
