The Drupal core SQL injection vulnerability CVE 2026 9082 is being actively exploited against PostgreSQL backed Drupal sites, exposing organizations to remote code execution and database compromise risks.