CISA Adds Drupal Core SQL Injection Vulnerability to KEV After Active Exploitation

CISA has added CVE-2026-9082, a highly critical Drupal Core SQL injection vulnerability, to its Known Exploited Vulnerabilities Catalog after evidence of active exploitation. The issue affects Drupal sites that use PostgreSQL databases and can be triggered by anonymous users through specially crafted requests. The flaw was disclosed in the Drupal security advisory SA-CORE-2026-004 on May […] The post CISA Adds Drupal Core SQL Injection Vulnerability to KEV After Active Exploitation appeared first on VPN Central.