{
  "title": "Drupal Core CVE-2026-9082: KEV SQL Injection Exposure",
  "summary": "CISA added Drupal Core CVE-2026-9082 to KEV on 2026-05-22. The exploitable surface is PostgreSQL-backed Drupal Core in affected 8.9.x, 10.x, and 11.x ranges; this article provides composer, settings, and telemetry scripts for exposure and closure.",
  "date": "2026-05-26",
  "severity": "critical",
  "tags": [
    "drupal",
    "cisa-kev",
    "zero-day",
    "vulnerability-response",
    "sql-injection"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "drupal-core-cve-2026-9082-kev",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-9082"
    ],
    "cwes": [
      "CWE-89"
    ],
    "advisoryIds": [
      "SA-CORE-2026-004"
    ],
    "products": [
      "Core"
    ],
    "packages": [
      "drupal/core"
    ],
    "versions": [],
    "affectedVersions": [
      "8.9.0 <= Drupal < 10.4.10",
      "10.5.0 <= Drupal < 10.5.10",
      "10.6.0 <= Drupal < 10.6.9",
      "11.1.0 <= Drupal < 11.1.10",
      "11.2.0 <= Drupal < 11.2.12",
      "11.3.0 <= Drupal < 11.3.10"
    ],
    "fixedVersions": [
      "10.4.10",
      "10.5.10",
      "10.6.9",
      "11.1.10",
      "11.2.12",
      "11.3.10"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "CVE-2026-9082",
      "SA-CORE-2026-004",
      "drupal/core",
      "user_role",
      "uid=1",
      "sites/default/files",
      "pgsql",
      "PostgreSQL"
    ]
  }
}