Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.
Drupal has patched a highly critical vulnerability that could allow threat actors to hack websites powered by the open source content management system (CMS).
The developers of the CMS had alerted users prior to the patch’s release that an exploit might be created within hours or days of disclosure.
The vulnerability, tracked as CVE-2026-9082 and rated ‘highly critical’ with a NIST CMSS score of 20 out of 25, affects an API designed to ensure that database queries are sanitized to prevent SQL injection attacks.
Related breach coverage
- Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure2026-05-22
Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure appeared first on SecurityWeek.
- Unpatched ChromaDB Vulnerability Can Lead to Server Takeover2026-05-19
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB Vulnerability Can Lead to Server Takeover appeared first on SecurityWeek.
- Cisco Patches Critical Vulnerability in Secure Workload2026-05-21
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.
- Critical Vulnerability Exposes Industrial Robot Fleets to Hacking2026-05-19
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek.