Ctrl + K
/ news / CVE
CVEPublished 2026-05-20Modified 2026-05-212 articles on news5 live referencesNVD data

CVE-2026-9082

Vulnerability data via NVD (ingested)

CVSS v3.1
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS percentile
Weaknesses (CWE)
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

Timeline
Published 2026-05-20
Modified 2026-05-21

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag331 hosts
vuln:CVE-2026-9082
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-9082
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-9082
Censys host search filtered to this CVE id.
grep.app
CVE-2026-9082
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-9082
GitHub code search for direct mentions.
Google dork
"CVE-2026-9082" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-90828 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,848·updated today
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
★ 612·updated 3mo ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 50·updated 2w ago
7h30th3r0n3/CVE-2026-9082-Drupal-PoCPython
Drupal Core PostgreSQL SQL Injection PoC - CVE-2026-9082. Ethical PoC for the Drupal vulnerability allowing anonymous SQL injection through the JSON:API module on PostgreSQL-backed…
★ 17·updated 1mo ago
ambionics/cve-2026-9082-drupal-postgresql-rcePython
★ 10·updated 3w ago
N45HT/drupal-cve-2026-9082-checkerPython
Drupal CVE-2026-9082 Blind SQL Injection Checker
★ 6·updated 4w ago
barmi/cve-patch-auditorGo
Audit CVE impact, patch status, remediation progress, and verification results across systems.
★ 3·updated 3d ago
HORKimhab/CVE-2026-9082Python
CVE-2026-9082 | SA-CORE-2026-004
★ 2·updated 1mo ago
Articles on news mentioning CVE-2026-9082