Drupal core — JSON:API/REST image-upload MIME-validation gap (SA-CORE-2026-009)
cve · CVE-2026-55808
Coverage timeline
1
first 2026-06-19 → last 2026-06-19
Briefs
1
1 distinct
Sources cited
22
16 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-19CTI Daily Brief — 2026-06-19
Source distribution
- drupal.org6 (27%)
- wid.cert-bund.de2 (9%)
- bleepingcomputer.com1 (5%)
- blog.qualys.com1 (5%)
- cert.pl1 (5%)
- csoonline.com1 (5%)
- imperva.com1 (5%)
- microsoft.com1 (5%)
- other8 (36%)
External references
All cited sources (22)
- drupal.orgprimaryinlineDrupal PSA, 2026-05-18https://www.drupal.org/psa-2026-05-18
- drupal.orgprimaryinlineDrupal SA-CORE-2026-004https://www.drupal.org/sa-core-2026-004
- drupal.orgprimaryinlineDrupal SA-CORE-2026-005https://www.drupal.org/sa-core-2026-005
- drupal.orgprimaryinlineDrupal SA-CORE-2026-006https://www.drupal.org/sa-core-2026-006
- drupal.orgprimaryinlineDrupal SA feedhttps://www.drupal.org/security
- drupal.orgprimaryinlineDrupal Steward WAFhttps://www.drupal.org/steward
- bleepingcomputer.cominlineBleepingComputer (2026-05-22)https://www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
- blog.qualys.cominlineQualys TRU on CVE-2026-46333https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path
- cert.plinlineCERT Polska CVE-2026-42096https://cert.pl/en/posts/2026/05/CVE-2026-42096/
- csoonline.cominlineCSO Online, 2026-05-20https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html
- imperva.cominlineImperva, 2026-05-21https://www.imperva.com/blog/imperva-customers-protected-against-cve-2026-9082-in-drupal-core/
- microsoft.cominlineMicrosoft Storm-2949https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/
- msrc.microsoft.cominlineMSRC CVE-2026-41091https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
- sec.cloudapps.cisco.cominlineCisco PSIRT, 2026-06-17https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-05-22https://security-hub.ncsc.admin.ch/#/posts/12584
- securityweek.cominlineSecurityWeek, 2026-05-19https://www.securityweek.com/drupal-to-patch-highly-critical-vulnerability-at-risk-of-quick-exploitation/
- slcyber.ioinlineSearchlight Cyber write-uphttps://slcyber.io/research-center/keys-to-the-kingdom-anonymous-sql-injection-in-drupal-core-cve-2026-9082/
- stepsecurity.ioinlineStepSecurityhttps://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials
- thehackernews.cominlineThe Hacker News, 2026-05-19https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html
- theregister.cominlineThe Register, 2026-05-19https://www.theregister.com/security/2026/05/19/drupal-warns-admins-to-brace-for-highly-critical-core-patch/5242728
- wid.cert-bund.deinlineBSI CERT-Bundhttps://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1579
- wid.cert-bund.deinlineBSI CERT-Bund WID-SEC-2026-2002https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2002
Items in briefs about Drupal core — JSON:API/REST image-upload MIME-validation gap (SA-CORE-2026-009)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.