The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

CMS Drupal: Highly critical Drupal core update announced for May 20

A critical security update for Drupal Core will be released on the evening of Wednesday, May 20. Admins should install it quickly.