(kudelskisecurity.com) Highly Critical SQL Injection Vulnerability in Drupal Core Affecting PostgreSQL Backends (CVE-2026-9082)
-
(kudelskisecurity.com) Highly Critical SQL Injection Vulnerability in Drupal Core Affecting PostgreSQL Backends (CVE-2026-9082)
New highly critical unauthenticated SQLi in Drupal Core (CVE-2026-9082) enables RCE on PostgreSQL backends. Immediate patching required.
In brief - CVE-2026-9082 is a highly critical unauthenticated SQL injection flaw in Drupal Core affecting PostgreSQL backends. Attackers can execute arbitrary SQL, escalate privileges, or achieve RCE without authentication. Drupal rates this 19/25 and urges immediate patching.
Technically - CVE-2026-9082 stems from improper input validation in Drupal’s core API when interacting with PostgreSQL. Attackers can manipulate SQL queries via crafted requests, leading to data exposure, credential theft, or RCE. Exploitation requires no authentication, has low complexity, and affects core functionality. Patches are available for all supported versions.
Source: https://kudelskisecurity.com/research/critical-drupal-core-sql-injection-vulnerability
-
R relay@relay.infosec.exchange shared this topic
