Drupal Faces Exploitation Threat Following Disclosure of Critical Vulnerability
Drupal has issued a warning to its users about a critical vulnerability, CVE-2026-9082, which has already seen attempts at exploitation shortly after its disclosure. This vulnerability affects an API responsible for sanitizing database queries to prevent SQL injection. Specifically, it allows attackers to send specially crafted requests that can lead to arbitrary SQL injection on sites using PostgreSQL databases. The flaw can be exploited by unauthenticated attackers to gain information and potentially escalate privileges or execute remote code. Although Drupal powers hundreds of thousands of websites, the vulnerability impacts less than 5% of these, as it only affects sites using PostgreSQL. The risk score for this vulnerability was recently updated from 20 to 23, indicating that exploit attempts are now being detected in the wild. Security firm Imperva has reported over 15,000 exploitation attempts targeting nearly 6,000 sites across 65 countries, with a significant focus on gaming and financial services... 
