Drupal core security update for CVE-2026-9082

Security Patch Release
H score 55
1 unique source, 2 articles

Summary

Drupal released security updates for CVE-2026-9082, a highly critical SQL injection flaw affecting PostgreSQL-backed sites, and urged administrators to upgrade immediately. The update covers multiple Drupal branches, including 10.x and 11.x, and also includes fixes for upstream dependencies such as Symfony and Twig. The advisory matters because the flaw is unauthenticated and exploit attempts were already being detected in the wild.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

How related: On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems by midnight on Wednesday, May 27, as mandated by Binding Operational Directive (BOD) 22-01.

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
First: 22.05.2026 11:19 Last: 22.05.2026 11:19 Sources 1

About this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....

Drupal core security release for 11.3.x-10.4x

Security Patch Release
First: 20.05.2026 15:52 Last: 20.05.2026 15:52 Sources 1

About this happening: **Drupal** has scheduled a **core security release** for **Drupal core**, with updates due later today and a brief window before details are public. The release covers **Drupal co...

Drupal core security release (May 2026)

Security Patch Release
First: 19.05.2026 13:44 Last: 19.05.2026 13:44 Sources 1

About this happening: **Drupal Security Team** announced a **core security release** for **all supported Drupal branches** on **May 20, 2026**, signaling an **urgent update window** for sites that may...

Timeline

  1. 22.05.2026 03:00 2 articles · 5d ago

    Drupal confirms exploitation attempts for CVE-2026-9082

    Detection IoC Update

    Drupal updated its advisory on May 22, 2026 to say that exploitation attempts were being detected in the wild, and reiterated that website owners and administrators should upgrade immediately to the latest version available for their branch. This covers Drupal 10.4.x before 10.4.10, 10.5.x before 10.5.10, 10.6.x before 10.6.9, and 11.0.x / 11.1.x before 11.1.10; the releases also bundle fixes for upstream dependencies such as Symfony and Twig.

  2. 18.05.2026 03:00 2 articles · 9d ago

    Drupal issues PSA for CVE-2026-9082

    Initial Disclosure

    Drupal published a PSA on May 18, 2026 warning administrators to reserve time for core updates after announcing CVE-2026-9082, a highly critical SQL injection flaw in Drupal’s database abstraction API that affects PostgreSQL sites and may be exploited within hours or days.
