AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-9082: Drupal Core SQL Injection Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMay 21, 2026CVE-2026-9082

Summary

Drupal Core has a SQL injection vulnerability (a flaw where attackers insert malicious database commands into user input) that could allow attackers to gain higher privileges and execute remote code through specially crafted requests to the database API. This vulnerability is actively being exploited in the wild, with a deadline of May 27, 2026 to address it.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. More details are available at https://www.drupal.org/sa-core-2026-004.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

May 21, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-89

CAPEC (Attack Pattern)

CAPEC-66

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-9082

First tracked: May 22, 2026 at 08:00 PM

Classified by LLM (prompt v3) · confidence: 95%