Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.

Drupal plans May 20 core security patches as exploits may follow within hours or days, requiring urgent site updates.

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after its disclosure.

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.

Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.

CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week.

Drupal warns users that it has seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.