Drupal

All articles tagged with #drupal

Drupal Core Flaw Exposes PostgreSQL Sites to RCE via Anonymous SQL Injection
security | 5 days ago

Drupal released highly critical security updates for Drupal Core to fix CVE-2026-9082, a flaw in the database abstraction API that allows anonymous attackers to perform arbitrary SQL injections on PostgreSQL sites, potentially leading to information disclosure, privilege escalation, or remote code execution (CVSS 6.5). Affected versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10; Drupal 7 is not affected. End-of-life releases are patched on a best-effort basis, and the updates include upstream fixes for Symfony and Twig.

Drupal unveils urgent core patch to curb high-risk exploit
technology | 5 days ago

Drupal has issued a critical core security release to fix a vulnerability with a high risk of exploitation affecting Drupal 8 and newer. Administrators should plan to apply the update on May 20 UTC, upgrading to at least Drupal 10.6 or using hotfixes for older 9.x/8.x where available. Patches are released for 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, and 10.4.x; Drupal 8/9 are end-of-life and won’t receive patches, though hotfixes will be published for 9.5 and 8.9. Drupal Steward customers are protected but should still update. No technical vulnerability details are disclosed yet; admins should monitor Drupal’s security portal for official guidance.