VulnerabilitiesCISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.
CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.
