Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

However, theadvisory for CVE-2026-9082was updated on March 22 to inform users that the risk score has been updated from 20 to 23 “to reflect that exploit attempts are now being detected in the wild”. It’s worth noting that Drupal uses the NIST CMSS scoring system for vulnerabilities and the maximum risk rating is 25.Imperva reported seeing more than15,000 exploitation attemptstargeting nearly 6,000 sites across 65 countries. Almost half of the attacks were aimed at gaming and financial services websites.“This pattern suggests attackers and scanners are primarily attempting to identify exposed Drupal sites running vulnerable PostgreSQL-backed configurations. While the activity is currently dominated by reconnaissance and validation, the nature of the vulnerability means successful exploitation could quickly move from probing to data extraction or privilege escalation,” the security firm warned.‘Highly critical’ vulnerabilities haven’t been patched in Drupal in years and there haven’t been any reports of new Drupal vulnerabilities being exploited in the wildsince 2019.Prior to 2019, the flaws dubbedDrupalgeddonandDrupalgeddon2made headlines for being exploited to compromise many websites.Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Imperva reported seeing more than15,000 exploitation attemptstargeting nearly 6,000 sites across 65 countries. Almost half of the attacks were aimed at gaming and financial services websites.“This pattern suggests attackers and scanners are primarily attempting to identify exposed Drupal sites running vulnerable PostgreSQL-backed configurations. While the activity is currently dominated by reconnaissance and validation, the nature of the vulnerability means successful exploitation could quickly move from probing to data extraction or privilege escalation,” the security firm warned.‘Highly critical’ vulnerabilities haven’t been patched in Drupal in years and there haven’t been any reports of new Drupal vulnerabilities being exploited in the wildsince 2019.Prior to 2019, the flaws dubbedDrupalgeddonandDrupalgeddon2made headlines for being exploited to compromise many websites.Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

“This pattern suggests attackers and scanners are primarily attempting to identify exposed Drupal sites running vulnerable PostgreSQL-backed configurations. While the activity is currently dominated by reconnaissance and validation, the nature of the vulnerability means successful exploitation could quickly move from probing to data extraction or privilege escalation,” the security firm warned.‘Highly critical’ vulnerabilities haven’t been patched in Drupal in years and there haven’t been any reports of new Drupal vulnerabilities being exploited in the wildsince 2019.Prior to 2019, the flaws dubbedDrupalgeddonandDrupalgeddon2made headlines for being exploited to compromise many websites.Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

‘Highly critical’ vulnerabilities haven’t been patched in Drupal in years and there haven’t been any reports of new Drupal vulnerabilities being exploited in the wildsince 2019.Prior to 2019, the flaws dubbedDrupalgeddonandDrupalgeddon2made headlines for being exploited to compromise many websites.Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Prior to 2019, the flaws dubbedDrupalgeddonandDrupalgeddon2made headlines for being exploited to compromise many websites.Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Related:Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Related:Microsoft Warns of Exchange Server Zero-Day Exploited in the WildRelated:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Related:New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Source: SecurityWeek