Ethical Hacking News
A critical SQL injection vulnerability in a Drupal Core database API, which leaves sites running PostgreSQL databases open to attack, has been added to the U.S. CISA's list of known exploited vulnerabilities. CISA has urged federal agencies and private organizations to address the issue promptly, as exploitation attempts began shortly after a highly critical security patch was released on May 20, 2026.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Drupal Core to its list of known exploited vulnerabilities. The SQL injection vulnerability sits in an API designed to sanitize database queries, and it allows attackers to inject arbitrary SQL, and potentially execute malicious code, on websites using PostgreSQL databases. Exploitation attempts began shortly after the patch's release; security firms tracked thousands of attacks within 48 hours, most of them targeting gaming and financial services organizations because of the high-value credentials and data they hold. CISA has stressed that federal agencies and private organizations need to act immediately to address this critical security issue.
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini
May 24, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the Drupal Core content management system to its list of known exploited vulnerabilities. The flaw, discovered by a team of researchers, is a SQL injection vulnerability in an API designed to sanitize database queries and prevent malicious code from being executed on websites running PostgreSQL databases.
A highly critical security patch for this vulnerability was released on May 20, 2026, by the Drupal community. According to the advisory issued by Drupal, the vulnerability allows an attacker to send specially crafted requests that result in arbitrary SQL injection attacks on sites using PostgreSQL databases. These attacks can potentially lead to information disclosure, privilege escalation, remote code execution, or other types of malicious activity.
Exploitation attempts began shortly after the patch was released. Within 48 hours of its release, security firms were tracking thousands of attacks in the wild, nearly half of them targeting gaming and financial services organizations because of the high value of the credentials and financial data those sectors hold.
Imperva, a leading cybersecurity firm, confirmed the scale of the activity, observing over 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries. The attacks were concentrated in the gaming and financial services sectors, where attackers sought to exploit the vulnerability and gain unauthorized access to sensitive data.
The nature of this vulnerability makes it particularly concerning, because successful exploitation could quickly move from probing to data extraction or privilege escalation, which is why prompt patching and proactive monitoring matter.
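The probing-to-extraction progression described above is something a defender can watch for in web server access logs while patches roll out. The following script is an added example, not code from the article, from Drupal, or from Imperva: it runs a handful of generic SQL injection indicators (including a PostgreSQL-specific `pg_sleep` probe) over constructed access log lines. The log lines, IP addresses and paths are all made up for the demonstration, and the indicators are general-purpose signatures; they do not encode any detail of the actual Drupal flaw, which the article does not describe.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access log lines in common log format (not from any real site).
SAMPLE_LOG_LINES = [
    '203.0.113.10 - - [21/May/2026:10:01:02 +0000] "GET /node/12 HTTP/1.1" 200 5120',
    '203.0.113.11 - - [21/May/2026:10:01:05 +0000] "GET /search/node?keys=drupal%27%20OR%201%3D1-- HTTP/1.1" 200 3100',
    '203.0.113.12 - - [21/May/2026:10:01:09 +0000] "GET /taxonomy/term/3?page=1%3Bselect%20pg_sleep(5)-- HTTP/1.1" 500 210',
    '203.0.113.13 - - [21/May/2026:10:02:00 +0000] "GET /user/login HTTP/1.1" 200 2200',
    '203.0.113.14 - - [21/May/2026:10:02:30 +0000] "GET /views/ajax?q=1%20UNION%20SELECT%201%2C2%2C3 HTTP/1.1" 200 900',
]

# Pulls the client address and the request target out of a common-log-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')

# Generic SQL injection indicators, checked against the URL-decoded request target.
# The order here is the order in which reasons are reported.
INDICATORS = [
    ("tautology", re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)),
    ("stacked_query", re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.IGNORECASE)),
    ("pg_sleep", re.compile(r"\bpg_sleep\s*\(", re.IGNORECASE)),
    ("comment_terminator", re.compile(r"--\s*$")),
]


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            return value
        value = decoded
    return value


def parse_request(line):
    """Return (client_ip, decoded_path) for a log line, or None if it does not parse."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    return match.group("ip"), decode_fully(match.group("path"))


def flag_line(line):
    """Return the indicator names matched by one log line (empty list if nothing matched)."""
    parsed = parse_request(line)
    if parsed is None:
        return []
    _, path = parsed
    return [name for name, pattern in INDICATORS if pattern.search(path)]


def triage(lines):
    """Return (line_index, client_ip, decoded_path, reasons) for every suspicious line."""
    hits = []
    for index, line in enumerate(lines):
        reasons = flag_line(line)
        if reasons:
            ip, path = parse_request(line)
            hits.append((index, ip, path, reasons))
    return hits


if __name__ == "__main__":
    for index, ip, path, reasons in triage(SAMPLE_LOG_LINES):
        print(f"line {index}: {ip} {path} -> {', '.join(reasons)}")
```

Signature matching of this kind surfaces noisy probing, which is the stage the article says precedes data extraction; a carefully crafted request against the specific sanitizing API would not necessarily trip any of these patterns, so the fix remains applying the May 20 patch, with log triage as a way to spot which sites were already being tested.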
Following this discovery and the exploitation activity that followed it, the U.S. CISA has added the Drupal Core flaw to its list of known exploited vulnerabilities, emphasizing the need for federal agencies and private organizations to take immediate action to address this critical security issue.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Critical-Drupal-Core-Flaw-A-Highly-Vulnerable-API-Leaves-Sites-Running-PostgreSQL-Databases-Open-to-SQL-Injection-Attacks-ehn.shtml
https://securityaffairs.com/192566/uncategorized/u-s-cisa-adds-a-flaw-in-drupal-core-to-its-known-exploited-vulnerabilities-catalog.html
https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html
Published: Sun May 24 03:35:12 2026 by llama3.2 3B Q4_K_M