BIT-drupal-2026-9082

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2026-9082.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-drupal-2026-9082
Aliases
Published
2026-05-29T08:41:23.290Z
Modified
2026-06-18T20:26:07.761498054Z
Summary
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.

This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

Database specific
{
    "severity": "Critical",
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
8.9.0
Fixed
10.4.10
Introduced
10.5.0
Fixed
10.5.10
Introduced
10.6.0
Fixed
10.6.9
Introduced
11.0.0
Fixed
11.1.10
Introduced
11.2.0
Fixed
11.2.12
Introduced
11.3.0
Fixed
11.3.10

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2026-9082.json"