{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T01:55:43.387","vulnerabilities":[{"cve":{"id":"CVE-2026-9082","sourceIdentifier":"mlhess@drupal.org","published":"2026-05-20T20:16:41.230","lastModified":"2026-05-22T19:38:04.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.\n\nThis issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10."}],"metrics":{"cvssMetricV31":[{"source":"mlhess@drupal.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2026-05-22","cisaActionDue":"2026-05-27","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Drupal Core SQL Injection Vulnerability","weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"8.9.0","versionEndExcluding":"10.4.10","matchCriteriaId":"D913070F-48D6-4282-8F54-72F40C57EFE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.0","versionEndExcluding":"10.5.10","matchCriteriaId":"358B0EE2-C620-4B3C-ACF3-A0537BF3DCD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"10.6.9","matchCriteriaId":"27F0A477-45CF-4670-A40B-C45EF45DDFD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.1.10","matchCriteriaId":"2CA9EE15-B47E-416A-9486-8A3CA815EF22"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.12","matchCriteriaId":"F34F68CB-E0D0-4F30-9B8C-7A51BF285F26"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"11.3.10","matchCriteriaId":"C878524F-B5D0-4894-81BD-6E17AFB30A4A"}]}]}],"references":[{"url":"https://www.drupal.org/sa-core-2026-004","source":"mlhess@drupal.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-9082","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}