Drupal SQL Injection Flaw Added to Active Threat List

India's cybersecurity teams should note that CISA, the US Cybersecurity and Infrastructure Security Agency, has added CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog. This designation indicates active exploitation by threat actors. While CISA's mandate applies to US federal agencies, the agency recommends all organizations globally prioritize patching this vulnerability as part of standard security practices. SQL injection flaws remain favored attack vectors for cybercriminals targeting enterprise systems. Organizations running Drupal should apply available patches immediately to prevent potential compromise. Source: CISA.