Exposures › CVE-2026-9082
Drupal Core SQL injection vulnerability enables remote code execution and privilege escalation via database API.
Drupal Core contains a SQL injection flaw in the database abstraction API that allows attackers to execute arbitrary commands and escalate privileges. This poses a severe risk to DIB organizations using Drupal-based systems, as it enables remote code execution and could lead to data exfiltration or system compromise. Organizations must immediately patch the vulnerability and audit all Drupal deployments for exposure.
Shame score — A critical SQL injection vulnerability in a widely-used CMS core component enables remote code execution and privilege escalation, representing a significant security risk for DIB organizations.
Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
No correlated FedRAMP products.