
CVE-2026-9082: Critical Drupal SQL Injection Vulnerability Affects PostgreSQL Deployments

ID: 9a342ac0-f651-5712-a042-b5960ec8e320

STIX ID: report--9a342ac0-f651-5712-a042-b5960ec8e320

Feed Name: Security Boulevard

Threat Score: 90/100

Date Published: 2026-05-26

Date Updated: 2026-05-26

Author: Deepak Kumar Choudhary


Executive summary: CVE-2026-9082 is a highly critical, unauthenticated SQL injection in Drupal's PostgreSQL EntityQuery condition handler. It has been publicly disclosed, patched across supported branches, added to CISA's Known Exploited Vulnerabilities catalog, and observed in active exploitation. Organizations running PostgreSQL-backed Drupal sites should apply the provided fixes immediately, audit permissions and query behavior, and employ WAF protections while remediating.
