Skip to content

CVE lookup

CVE-2026-9082

Pruva has a verified reproduction for CVE-2026-9082: Drupal core: unauthenticated SQL injection via JSON:API filter array keys. The canonical evidence record is REPRO-2026-00133.

REPRO

REPRO-2026-00133

Package

drupal/core · composer

Severity

CRITICAL

Status

published