CISA orders feds to patch actively exploited Drupal vulnerability

**Executive summary:** CISA has ordered immediate remediation for a highly critical, actively exploited unauthenticated SQL injection vulnerability (CVE-2026-9082) in Drupal's database abstraction API affecting PostgreSQL deployments; Shadowserver reports about 670 unpatched instances and exploitation in the wild, with impacts including data disclosure, privilege escalation, and possible remote code execution.