The U.S. Cybersecurity and Infrastructure Security Agency
(CISA) has added a recently patched critical security flaw
impacting Drupal Core to its Known Exploited Vulnerabilities (KEV)
catalog, based on evidence of active exploitation. The
vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an
SQL injection vulnerability affecting all supported versions of
Drupal Core. "Drupal Core
Read more https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html
