CVE-2026-9082
CriticalSummary
A SQL Injection vulnerability in Drupal core is caused by improper neutralization of special elements used in SQL commands. This affects versions from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, and from 11.3.0 before 11.3.10.
Risk Assessment
An attacker could exploit this vulnerability to execute unauthorized SQL commands, potentially leading to data exposure or system compromise. Organizations should be aware of the risks associated with outdated Drupal versions.
Recommendation
It is recommended to upgrade to the latest version of Drupal to mitigate this vulnerability. Regular monitoring and updating of systems is crucial for maintaining security.
Original NVD description (English source)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

