CISA Adds Actively Exploited Drupal SQL Injection Flaw to KEV Catalog
The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has added a critical **Drupal Core** vulnerability, **CVE-2026-9082**, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The SQL injection flaw impacts all supported versions of Drupal Core and could lead to privilege escalation and remote code execution.

### Active Exploitation of Drupal SQL Injection Vulnerability
**CISA** has issued an alert regarding **CVE-2026-9082**, a critical SQL injection vulnerability affecting **Drupal Core**. This vulnerability, which has a CVSS score of 6.5, allows for potential privilege escalation and remote code execution through specially crafted requests sent via the database abstraction API.
### Impact and Affected Versions
The vulnerability impacts all supported versions of **Drupal Core**. Patches have been released for the following versions:
* Drupal 11.3.10
* Drupal 11.2.12
* Drupal 11.1.10
* Drupal 10.6.9
* Drupal 10.5.10
* Drupal 10.4.10
* Drupal 9.5 (Manual patching required)
* Drupal 8.9 (Manual patching required)
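
The list above has to be read per branch: a site on 11.3.0 is on the newest branch but still below its fix, while 11.2.12 is patched. The following triage script is an added example, not code from Drupal, CISA or Imperva; the inventory format, hostnames, status labels and the handling of pre-release suffixes are assumptions.

```python
import re

# Fixed patch level per branch, copied from the release list above.
FIXED_PATCH = {(11, 3): 10, (11, 2): 12, (11, 1): 10,
               (10, 6): 9, (10, 5): 10, (10, 4): 10}
# Branches listed as "Manual patching required": the version string
# alone cannot show whether the patch was applied.
MANUAL_BRANCHES = {(9, 5), (8, 9)}
# Assumption: versions look like 11.3.10 or 11.3.10-rc1.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")
# Statuses that need action sort first in the report.
_PRIORITY = ["vulnerable", "no-fix-listed", "manual-check",
             "unparseable", "patched"]


def triage(version):
    """Classify one Drupal core version string against the list."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    branch = (major, minor)
    if branch in MANUAL_BRANCHES:
        return "manual-check"
    if branch not in FIXED_PATCH:
        return "no-fix-listed"  # no patched release named for this branch
    fixed = FIXED_PATCH[branch]
    # Assumption: a pre-release of the fixed version (e.g. -rc1) is
    # treated as not yet carrying the fix.
    if patch > fixed or (patch == fixed and m.group(4) is None):
        return "patched"
    return "vulnerable"


def triage_inventory(inventory):
    """Return (site, version, status) rows, most urgent first."""
    rows = [(site, ver, triage(ver)) for site, ver in inventory.items()]
    return sorted(rows, key=lambda r: (_PRIORITY.index(r[2]), r[0]))


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are made up.
    sample = {"www.example.org": "11.3.0", "shop.example.org": "11.2.12",
              "legacy.example.org": "9.5.11", "old.example.org": "10.3.14",
              "dev.example.org": "10.6.9-rc1"}
    for site, ver, status in triage_inventory(sample):
        print(f"{status:14} {ver:12} {site}")
```
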
### Exploitation in the Wild
**Drupal** acknowledged that exploit attempts are actively being detected. **Imperva** reports observing over 15,000 attack attempts targeting nearly 6,000 individual sites across 65 countries.
"Attacks are primarily targeting gaming and financial services sites so far, at collectively almost 50% of all attacks," the company said. "Most of the observed activity so far appears to be probing."
### Attack Patterns and Recommendations
According to **Imperva**, attackers are primarily attempting to identify exposed **Drupal** sites running vulnerable PostgreSQL-backed configurations. While current activity is mainly reconnaissance, successful exploitation could quickly escalate to data extraction or privilege escalation.
Federal Civilian Executive Branch (FCEB) agencies are urged to apply the necessary patches by May 27, 2026.