DrupalSecurityTeam · DrupalSecurityBot · May 22, 2026
diff --git a/advisories/core/DRUPAL-CORE-2026-004.json b/advisories/core/DRUPAL-CORE-2026-004.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.7.0",
   "id": "DRUPAL-CORE-2026-004",
-  "modified": "2026-05-21T14:13:52.000Z",
+  "modified": "2026-05-22T04:32:16.000Z",
   "published": "2026-05-20T18:08:21.000Z",
   "aliases": [
     "CVE-2026-9082"
   ],
-  "details": "Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.\n\nA vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.\n\nThis vulnerability can be exploited by anonymous users.\n\nThis SQL injection vulnerability **only affects sites using PostgreSQL**. However, the third-party dependency updates in these releases apply to all sites.\n\n### Upstream security advisories\n\nThe Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important [Security Advisories](https://symfony.com/blog/category/security-advisories) that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.\n\nDepending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so **updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not**. It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.",
+  "details": "Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.\n\nA vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.\n\nThis vulnerability can be exploited by anonymous users.\n\nThis SQL injection vulnerability **only affects sites using PostgreSQL**. However, the third-party dependency updates in these releases apply to all sites.\n\n### Updates\n\n**May 22 2026, 04:30 UTC:** The risk score has been updated to reflect that exploit attempts are now being detected in the wild.\n\n### Upstream security advisories\n\nThe Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important [Security Advisories](https://symfony.com/blog/category/security-advisories) that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.\n\nDepending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so **updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not**. It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.",
   "affected": [
     {
       "package": {