The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Drupal Core active exploited vulnerability to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2026-9082, successful exploitation of the vulnerability may allow an attacker to elevate privileges and execute code remotely. CISA urged users to patch the vulnerability before May 27, 2026. Drupal mentioned in the advisory that exploit attempts are now being detected in the wild.