CISA orders feds to patch actively exploited Drupal vulnerability

https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/

Publish Date: 2026-05-26 04:46:45

Source Domain: www.bleepingcomputer.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered U.S. federal agencies to secure their servers against an actively exploited SQL injection vulnerability (CVE-2026-9082) in the Drupal content management system by Wednesday evening. Discovered by Google/Mandiant researcher Michael Maturi, the flaw exists in Drupal's database abstraction API and can be exploited without authentication, potentially enabling information disclosure, privilege escalation, and remote code execution. After Drupal released patches, the flaw was tagged as highly critical based on observed exploitation attempts. Cybersecurity firm Imperva has identified over 15,000 attack attempts targeting nearly 6,000 websites worldwide, with the financial and gaming sectors as primary targets. As of May 21, Shadowserver tracks almost 670 publicly exposed, unpatched Drupal installations, with significant numbers in North America and Europe.

Key Points:
* CISA has ordered federal agencies to patch the Drupal server vulnerability by May 27.
* The vulnerability, CVE-2026-9082, is a SQL injection flaw that can lead to privilege escalation and remote code execution.
* Attack attempts targeting financial and gaming sectors form almost half of the detected attacks.
* Imperva reports over 15,000 exploitation attempts, affecting almost 6,000 sites across 65 countries.
* CISA advises all organizations, including those in the private sector, to prioritize applying the patches to mitigate cyber risks.