CVEFinder.io

CVE-2026-9082

πŸ”Ά medium πŸ›‘οΈ CISA KEV
πŸ” Scan for this CVE
πŸ›‘οΈ CISA Known Exploited Vulnerability Added: 2026-05-22 Remediation Due: 2026-05-27
AI Summary

An actively exploited SQL Injection in Drupal core (versions 8.9.0 through 11.3.10) allows attackers to execute arbitrary SQL commands. This grants full control over the database, leading to data compromise.

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

CVSS Score
6.5
Medium
EPSS Score
12.6
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.9% of all 322,139 vulnerabilities in our database.

#167,973
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
πŸ” Exploitation Status
Active
Exploits detected in the wild
βš™οΈ Automatable
YES
Can be exploited automatically
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
Michael Maturi (michaelmaturi) BjΓΆrn Brala (bbrala) (remediation developer) Benji Fisher (benjifisher) (remediation developer) catch (catch) (remediation developer) Lee Rowlands (larowlan) (remediation developer) Dave Long (longwave) (remediation developer) Drew Webber (mcdruid) (remediation developer) Jess (xjm) (remediation developer) Anna Kalata (akalata) (coordinator) Benji Fisher (benjifisher) (coordinator) catch (catch) (coordinator) Damien McKenna (damienmckenna) (coordinator) Neil Drumm (drumm) (coordinator) Greg Knaddison (greggles) (coordinator) Heine Deelstra (heine) (coordinator) Tim Hestenes Lehnen (hestenet) (coordinator) Dave Long (longwave) (coordinator) Drew Webber (mcdruid) (coordinator) Juraj Nemec (poker10) (coordinator) Pierre Rudloff (prudloff) (coordinator) Jess (xjm) (coordinator) Cathy Theys (yesct) (coordinator)
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-89

πŸ“¦ Affected Products 0

No affected products information available

πŸ”— References 1

https://www.drupal.org/sa-core-2026-004