Drupal is warning customers that it’s already seeing makes an attempt to take advantage of CVE-2026-9082, the extremely essential vulnerability patched this week.
The vulnerability impacts an API designed to make sure that database queries are sanitized to forestall SQL injection.
“A vulnerability on this API permits an attacker to ship specifically crafted requests, leading to arbitrary SQL injection for websites utilizing PostgreSQL databases,” Drupal explains.
The flaw might be exploited by unauthenticated attackers to acquire info and in some instances for privilege escalation and distant code execution.
Drupal predicted that an exploit for CVE-2026-9082 could also be created inside hours or days of disclosure and alerted customers previous to the patch’s launch on Might 20.
The CMS powers tons of of 1000’s of internet sites, however the safety gap solely impacts websites that use PostgreSQL, and Drupal believes lower than 5% are affected.
Nevertheless, the advisory for CVE-2026-9082 was up to date on March 22 to tell customers that the chance rating has been up to date from 20 to 23 “to replicate that exploit makes an attempt are actually being detected within the wild”. It’s price noting that Drupal makes use of the NIST CMSS scoring system for vulnerabilities and the utmost threat score is 25.
Imperva reported seeing greater than 15,000 exploitation makes an attempt concentrating on almost 6,000 websites throughout 65 international locations. Virtually half of the assaults had been aimed toward gaming and monetary companies web sites.
“This sample suggests attackers and scanners are primarily making an attempt to establish uncovered Drupal websites operating weak PostgreSQL-backed configurations. Whereas the exercise is at present dominated by reconnaissance and validation, the character of the vulnerability means profitable exploitation might rapidly transfer from probing to information extraction or privilege escalation,” the safety agency warned.
‘Extremely essential’ vulnerabilities haven’t been patched in Drupal in years and there haven’t been any stories of latest Drupal vulnerabilities being exploited within the wild since 2019.
Previous to 2019, the issues dubbed Drupalgeddon and Drupalgeddon2 made headlines for being exploited to compromise many web sites.
Associated: Cisco Patches One other SD-WAN Zero-Day, the Sixth Exploited in 2026
Associated: Microsoft Warns of Alternate Server Zero-Day Exploited within the Wild
Associated: New ‘Soiled Frag’ Linux Vulnerability Probably Exploited in Assaults
