Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.

Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.