Drupal core vulnerability CVE-2026-9082: Find impacted assets

Drupal core is affected by a critical SQL injection vulnerability (CVE-2026-9082, CVSS 9.8) in the database abstraction API that allows remote, unauthenticated attackers to send crafted requests resulting in arbitrary SQL execution on sites configured to use PostgreSQL; successful exploitation can lead to information disclosure, privilege escalation, RCE, and other attacks, and there is evidence of active exploitation in the wild. Multiple Drupal versions are listed as affected, and the advisory provides version-specific patches and upgrade guidance to mitigate the issue.