Critical Drupal Core Vulnerability (CVE-2026-9082): PostgreSQL Sites at RCE Risk

Colleagues, please note: a critical vulnerability has been identified in Drupal Core.
What happened: CVE-2026-9082 in the database abstraction API permits specially crafted queries that trigger arbitrary SQL injection on PostgreSQL-backed sites. This may lead to data exposure, privilege escalation and remote code execution; attacks are weaponised by anonymous actors.
Scope and mitigation: only PostgreSQL sites are affected. Patches have been released for 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10 and 10.4.10; manual fixes are available for 9.5 and 8.9. Update supported branches immediately, apply the patches and audit logs.
Why this matters: the potential for RCE and data leakage requires immediate remediation.
Are you scheduling an update?
#cybersecurity #Drupal #PostgreSQL #RCE
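
An added example, not part of the original post or Drupal's own tooling: a triage helper that applies the scope and fixed-version list above to a site inventory. The inventory format, host names and status labels are assumptions (`pgsql` is the driver key Drupal uses for PostgreSQL); branches the post does not list are flagged for manual review rather than guessed.

```python
import re

# Fixed releases per supported branch, as listed in the post above.
FIXED = {(11, 3): 10, (11, 2): 12, (11, 1): 10,
         (10, 6): 9, (10, 5): 10, (10, 4): 10}
# Branches for which the post mentions manual fixes only.
MANUAL_FIX = {(9, 5), (8, 9)}


def triage(version: str, db_driver: str) -> str:
    """Return 'not-affected', 'patched', 'update', 'manual-fix' or 'review'."""
    if db_driver.strip().lower() != "pgsql":
        return "not-affected"  # the post scopes the issue to PostgreSQL sites
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(.*)$", version.strip())
    if not m:
        return "review"  # unparseable, e.g. '11.x-dev': check by hand
    major, minor, patch = (int(g) for g in m.groups()[:3])
    suffix = m.group(4)  # '-rc1', '-dev', ... marks a pre-release build
    branch = (major, minor)
    if branch in MANUAL_FIX:
        return "manual-fix"
    if branch not in FIXED:
        return "review"  # branch not named in the post: do not guess
    fixed = FIXED[branch]
    # A pre-release of the fixed version itself predates the fix.
    if patch > fixed or (patch == fixed and not suffix):
        return "patched"
    return "update"


# Constructed sample inventory: (site, Drupal core version, database driver).
INVENTORY = [
    ("shop.example", "11.3.9", "pgsql"),
    ("intranet.example", "10.6.9", "pgsql"),
    ("blog.example", "11.2.3", "mysql"),
    ("legacy.example", "9.5.11", "pgsql"),
    ("staging.example", "11.3.10-rc1", "pgsql"),
    ("old.example", "10.3.14", "pgsql"),
]


def report(inventory):
    """Map each site name to its triage status."""
    return {site: triage(ver, drv) for site, ver, drv in inventory}


if __name__ == "__main__":
    for site, status in report(INVENTORY).items():
        print(f"{site:20} {status}")
```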

