Drupal warns users that it has seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.

Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.

CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.