CVEweb securityremediationsmall businessCISA KEVDrupal
CVE-2026-9082: If Your Website Runs Drupal on PostgreSQL, It's Leaking Data
Anonymous SQL injection in Drupal core. No login required. On CISA KEV. Mass scanning started within days. If you run Drupal on PostgreSQL, patch right now or take it offline.
May 21, 2026