> TritonInfoSec News
Home / May 24, 2026 / Story
0
#2 The Hacker News general May 23, 2026 at 07:23 UTC

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

By [email protected] (The Hacker News)

AI Summary

CISA has added CVE-2026-9082, a CVSS 6.5 SQL injection vulnerability in Drupal Core affecting all supported versions, to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. SecurityWeek reports attackers began targeting the flaw shortly after public disclosure, with thousands of websites already under attack. Drupal site administrators should apply the available patch without delay.

Read full article → https://thehackernews.com/2026/05/drupal-core-sql-…

Relevance score: 86.0/100

# More from May 24

  1. 1
    LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root The Hacker News
  2. 3
    A hacker group is poisoning open source code at an unprecedented scale Ars Technica Security
  3. 4
    Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack SecurityWeek
  4. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  5. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  6. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  7. 8
    CISA Security Leak Schneier on Security
  8. 9
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users CyberScoop
  9. 10
    China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts. Dark Reading