CVE-2026-9082
EUVD-2026-3115320.05.2026, 20:16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.
This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| drupal | drupal | 8.9.0 ≤ 𝑥 < 10.4.10 |
| drupal | drupal | 10.5.0 ≤ 𝑥 < 10.5.10 |
| drupal | drupal | 10.6.0 ≤ 𝑥 < 10.6.9 |
| drupal | drupal | 11.0.0 ≤ 𝑥 < 11.1.10 |
| drupal | drupal | 11.2.0 ≤ 𝑥 < 11.2.12 |
| drupal | drupal | 11.3.0 ≤ 𝑥 < 11.3.10 |
𝑥
= Vulnerable software versions