CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-9082 to the KEV Catalog and ordered FCEB agencies to patch Drupal by May 27, turning an actively exploited flaw into a mandatory federal remediation. The directive targets an unauthenticated SQL injection issue in Drupal that affects PostgreSQL-powered sites. CISA also urged other defenders to prioritize the patching of KEV vulnerabilities and reduce exposure quickly.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/Mitigation
H score57
First: 03.06.2026 18:36
Last: 03.06.2026 18:36
Sources 1
About this happening:
CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/MitigationAbout this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
Timeline
-
26.05.2026 11:46 1 articles · 1mo ago
Imperva tracks large-scale attack attempts against Drupal sites
Exploitation ObservedImperva observed more than 15,000 attack attempts targeting almost 6,000 Drupal sites across 65 countries after CVE-2026-9082 was released, with gaming and financial services sites accounting for nearly half of the traffic. The flaw is an unauthenticated SQL injection issue in Drupal's database abstraction API that can affect PostgreSQL-powered sites.
Show sources
- CISA orders feds to patch actively exploited Drupal vulnerability — www.bleepingcomputer.com — 26.05.2026 11:46
-
26.05.2026 11:46 2 articles · 1mo ago
CISA adds CVE-2026-9082 to the KEV Catalog and orders patching
Legal Policy Action UpdateCISA added CVE-2026-9082 to the Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch agencies to patch Drupal systems by midnight on Wednesday, May 27, under Binding Operational Directive (BOD) 22-01. CISA also urged other organizations using Drupal to apply vendor mitigations or discontinue use if mitigations are unavailable.
Show sources
- CISA orders feds to patch actively exploited Drupal vulnerability — www.bleepingcomputer.com — 26.05.2026 11:46
- CISA orders feds to patch actively exploited Drupal vulnerability — www.bleepingcomputer.com — 26.05.2026 11:46
-
26.05.2026 11:46 1 articles · 1mo ago
Researcher discovers CVE-2026-9082 in Drupal's database abstraction API
Technical Analysis UpdateGoogle/Mandiant researcher Michael Maturi discovered CVE-2026-9082 in Drupal's database abstraction API, and the Drupal security team marked the flaw highly critical, released patches, and confirmed exploitation attempts in the wild. Shadowserver also tracked nearly 670 unpatched Drupal installations exposed online, most of them in North America and Europe.
Show sources
- CISA orders feds to patch actively exploited Drupal vulnerability — www.bleepingcomputer.com — 26.05.2026 11:46