
Alert: Drupal Security Updates – May 2026

Drupal has released urgent security updates to address a critical SQL injection vulnerability (CVE-2026-9082) affecting multiple core branches, including PostgreSQL-based deployments. Exploitation may lead to unauthorized database access, information disclosure, privilege escalation, or remote code execution.
 
Affected products include but are not limited to:
  • Drupal 8.9.0 - 10.4.9
  • Drupal 10.5.x versions prior to 10.5.10
  • Drupal 10.6.x versions prior to 10.6.9
  • Drupal 11.0.0 - 11.1.9
  • Drupal 11.2.x versions prior to 11.2.12
  • Drupal 11.3.x versions prior to 11.3.10
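
To triage an inventory of sites against the ranges listed above, a version check along these lines can be used. This is an added example, not part of the NCSA alert or of Drupal's tooling; the function names and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges copied from the alert: (low inclusive, high, high inclusive?).
AFFECTED = [
    ((8, 9, 0), (10, 4, 9), True),     # 8.9.0 - 10.4.9
    ((10, 5, 0), (10, 5, 10), False),  # 10.5.x prior to 10.5.10
    ((10, 6, 0), (10, 6, 9), False),   # 10.6.x prior to 10.6.9
    ((11, 0, 0), (11, 1, 9), True),    # 11.0.0 - 11.1.9
    ((11, 2, 0), (11, 2, 12), False),  # 11.2.x prior to 11.2.12
    ((11, 3, 0), (11, 3, 10), False),  # 11.3.x prior to 11.3.10
]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Drupal core version: {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def classify(text):
    """Return 'affected', 'not-listed' or 'unparsed' for one core version.

    'not-listed' is not a clean bill of health: the alert says its list is
    not exhaustive. Pre-releases (-rc1, -beta2) are compared by their base
    number, and a pre-release of a fixed version counts as before the fix.
    """
    try:
        version, prerelease = parse_version(text)
    except ValueError:
        return "unparsed"
    for low, high, inclusive in AFFECTED:
        if low <= version < high or (version == high and (inclusive or prerelease)):
            return "affected"
    return "not-listed"

# Constructed sample inventory (hostnames are placeholders).
INVENTORY = {
    "intranet.example": "10.4.9",
    "portal.example": "10.5.10",
    "shop.example": "11.2.11",
    "legacy.example": "7.98",         # two-part version string, reported as unparsed
    "staging.example": "11.3.10-rc1",
}

def triage(inventory):
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:20} {INVENTORY[host]:14} {status}")
```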
 
Security Risks
 
Successful exploitation of the SQL injection vulnerability could lead to unauthorized database access on affected systems. Depending on site configuration and database privileges, this may result in information disclosure, data manipulation, and potential escalation of privileges.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends that users and system administrators:
 
1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches. The software versions released for upgrade are:
 
2. Before performing any update tasks, ensure that you have a backup of your data.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 
References
https://www.drupal.org/sa-core-2026-004

22 May 2026

© 2026 National Cyber Security Authority