COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-9082

CVE-2026-9082

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-22
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-9082
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildunpatched

Drupal Core SQL injection vulnerability enables remote code execution and privilege escalation via database API.

Drupal Core contains a SQL injection flaw in the database abstraction API that allows attackers to execute arbitrary commands and escalate privileges. This poses a severe risk to DIB organizations using Drupal-based systems, as it enables remote code execution and could lead to data exfiltration or system compromise. Organizations must immediately patch the vulnerability and audit all Drupal deployments for exposure.

Shame score — A critical SQL injection vulnerability in a widely-used CMS core component enables remote code execution and privilege escalation, representing a significant security risk for DIB organizations.

Players implicated

Drupal · vendorCore · product

Description

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.