Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.4.9
Drupal 10.4.10
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 10.5.6
Drupal 10.5.7
Drupal 10.5.8
Drupal 10.5.9
Drupal 10.6.0
Drupal 10.6.1
Drupal 10.6.2
Drupal 10.6.3
Drupal 10.6.4
Drupal 10.6.5
Drupal 10.6.6
Drupal 10.6.7
Drupal 10.6.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.1.9
Drupal 11.1.10
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7
Drupal 11.2.8
Drupal 11.2.9
Drupal 11.2.10
Drupal 11.2.11
Drupal 11.2.12
Drupal 11.2.13
Drupal 11.3.0
Drupal 11.3.1
Drupal 11.3.2
Drupal 11.3.3
Drupal 11.3.4
Drupal 11.3.5
Drupal 11.3.6
Drupal 11.3.7
Drupal 11.3.8
Drupal 11.3.9
Drupal 11.3.10
Drupal 11.3.11

Drupal core – Highly critical – SQL injection – SA-CORE-2026-004

Skriv et svar Annuller svar

Om os