Drupal core SA-CORE-2026-004 / CVE-2026-9082 — pre-auth SQL injection on PostgreSQL backends; UPDATE on 2026-05-20 PSA pre-warning
cve · item:drupal-sa-core-2026-004-cve-2026-9082-sql-injection-postgres
Coverage timeline
1
first 2026-05-21 → last 2026-05-21
Briefs
1
1 distinct
Sources cited
14
11 hosts
Sections touched
1
updates
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-21CTI Daily Brief — 2026-05-21
Where this entity is cited
- updates1
Source distribution
- drupal.org4 (29%)
- cert.pl1 (7%)
- csoonline.com1 (7%)
- microsoft.com1 (7%)
- msrc.microsoft.com1 (7%)
- security-hub.ncsc.admin.ch1 (7%)
- securityweek.com1 (7%)
- stepsecurity.io1 (7%)
- other3 (21%)
External references
All cited sources (14)
- drupal.orgprimaryinlineDrupal PSA, 2026-05-18https://www.drupal.org/psa-2026-05-18
- drupal.orgprimaryinlineDrupal Security Team, 2026-05-20https://www.drupal.org/sa-core-2026-004
- drupal.orgprimaryinlineDrupal SA feedhttps://www.drupal.org/security
- drupal.orgprimaryinlineDrupal Steward WAFhttps://www.drupal.org/steward
- cert.plinlineCERT Polska CVE-2026-42096https://cert.pl/en/posts/2026/05/CVE-2026-42096/
- csoonline.cominlineCSO Online, 2026-05-20https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html
- microsoft.cominlineMicrosoft Storm-2949https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/
- msrc.microsoft.cominlineMSRC CVE-2026-41091https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-05-19https://security-hub.ncsc.admin.ch/#/posts/12584
- securityweek.cominlineSecurityWeek, 2026-05-19https://www.securityweek.com/drupal-to-patch-highly-critical-vulnerability-at-risk-of-quick-exploitation/
- stepsecurity.ioinlineStepSecurityhttps://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials
- thehackernews.cominlineThe Hacker News, 2026-05-19https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html
- theregister.cominlineThe Register, 2026-05-19https://www.theregister.com/security/2026/05/19/drupal-warns-admins-to-brace-for-highly-critical-core-patch/5242728
- wid.cert-bund.deinlineBSI CERT-Bundhttps://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1579
Items in briefs about Drupal core SA-CORE-2026-004 / CVE-2026-9082 — pre-auth SQL injection on PostgreSQL backends; UPDATE on 2026-05-20 PSA pre-warning
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.