U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

A highly critical vulnerability (CVE-2026-9082) in Drupal Core has been added to the U.S. CISA's Known Exploited Vulnerabilities catalog, affecting Drupal users with a CVSS score of 9.8. The vulnerability allows remote code execution, enabling attackers to exploit it for malicious purposes. Drupal has released a security patch to address the issue.

1. A highly critical vulnerability (CVE-2026-9082) in Drupal Core allows remote code execution.
2. The vulnerability affects Drupal users with a CVSS score of 9.8, indicating high exploitability.
3. Drupal has released a security patch to address the issue, mitigating the risk of exploitation.
4. Monitoring for suspicious activity and implementing regular security updates can help detect and prevent exploitation.

T1210 - Exploitation of Remote Services

Apply the latest security patch released by Drupal to address the CVE-2026-9082 vulnerability.