Drupal
Drupal SA-CORE-2026-004: Highly Critical Unauthenticated SQL Injection Hits PostgreSQL Sites
CVE-2026-9082 is a highly critical SQL injection in Drupal core's database abstraction API. Anonymous attackers can run arbitrary SQL against PostgreSQL-backed sites. Patches dropped May 20; exploitation is expected within days.