(imperva.com) Critical SQL Injection Vulnerability in Drupal Core (CVE-2026-9082): Exploitation Trends and Mitigation Strategies
Critical unauthenticated SQL injection in Drupal core (CVE-2026-9082) actively exploited in the wild. PostgreSQL-backed sites at high risk of RCE, privilege escalation, or data theft via crafted JSON:API filters and login endpoints.
In brief - CVE-2026-9082 enables unauthenticated SQLi in Drupal core (PostgreSQL only), with 15K+ attack attempts observed since disclosure. Immediate patching and WAF rules required to block exploitation.
Technically - Flaw in Drupal’s database abstraction API allows SQLi via attacker-controlled array keys (e.g., `0), 0)) OR 1=1 --`) in JSON:API filter parameters. Exploitable via `/user/login?_format=json` and JSON:API endpoints. Observed payloads include `pg_sleep` and UNION-based probes. Patch to 10.4.10+/10.5.10+ and monitor for anomalous JSON:API activity.
Source: https://www.imperva.com/blog/imperva-customers-protected-against-cve-2026-9082-in-drupal-core/
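A detection sketch for the "monitor for anomalous JSON:API activity" advice, added here as an example and not taken from Imperva or Drupal: it splits JSON:API `filter[...]` query parameter names into their array keys and flags any key that is not a plain identifier, plus the `pg_sleep`/UNION markers named above. The key allowlist, function names and sample URLs are assumptions constructed for illustration, and it covers query strings only, not the JSON body of `/user/login?_format=json`.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate filter keys are short identifiers (labels, field paths,
# "condition", "value", numeric indexes) or empty, as in "filter[x][]".
SAFE_KEY = re.compile(r"[A-Za-z0-9_.:-]{0,64}")
# Payload markers named in the write-up: pg_sleep and UNION-based probes.
PROBE = re.compile(r"pg_sleep\s*\(|\bunion\b.{0,40}\bselect\b", re.I | re.S)


def filter_keys(param_name):
    """Split 'filter[a][b]' into ['a', 'b']; return None for non-filter params."""
    if param_name != "filter" and not param_name.startswith("filter["):
        return None
    rest = param_name[len("filter"):]
    keys = re.findall(r"\[([^\]]*)\]", rest)
    leftover = re.sub(r"\[[^\]]*\]", "", rest)
    if leftover:  # text outside any [...] pair means the name itself is malformed
        keys.append(leftover)
    return keys


def inspect_request(url):
    """Return (finding, detail) tuples for one request path plus query string."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        keys = filter_keys(name)  # parse_qsl has already percent-decoded the name
        if keys is None:
            continue
        findings += [("unsafe-filter-key", k) for k in keys if not SAFE_KEY.fullmatch(k)]
        if PROBE.search(name) or PROBE.search(value):
            findings.append(("sqli-probe-marker", name))
    return findings


# Constructed sample requests: one benign, one carrying the array-key string
# quoted in the post (URL-encoded), one with a pg_sleep marker in a value.
SAMPLE_URLS = [
    "/jsonapi/node/article?filter[status][value]=1&filter[uid.id]=abc",
    "/jsonapi/node/article?filter[0)%2C%200))%20OR%201%3D1%20--][value]=1",
    "/jsonapi/node/article?filter[a][condition][value]=pg_sleep(5)",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(inspect_request(url) or "clean", "<-", url)
```

The key check is the part specific to this flaw: values are expected to carry arbitrary user data, but an array key containing spaces, parentheses or comment markers has no legitimate use in a JSON:API filter.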