Drupal CVE-2026-9082 Checker

We recently created a small Python tool to detect CVE-2026-9082, the Anonymous Blind SQL Injection vulnerability in Drupal Core.

DRUPAL CVE-2026-9082 CHECKER is a lightweight scanner that helps security researchers and bug hunters quickly check whether a Drupal site is vulnerable to this blind SQL injection.

Installation

git clone https://github.com/N45HT/drupal-cve-2026-9082-checker.git
cd drupal-cve-2026-9082-checker
pip install -r requirements.txt

git clone https://github.com/N45HT/drupal-cve-2026-9082-checker.git
cd drupal-cve-2026-9082-checker
pip install -r requirements.txt

Usage

Single Target:

./drupal-CVE-2026-9082.py --url https://target.com

./drupal-CVE-2026-9082.py --url https://target.com

Bulk Scanning:

./drupal-CVE-2026-9082.py --urls targets.txt

./drupal-CVE-2026-9082.py --urls targets.txt

References

• https://www.cve.org/CVERecord?id=CVE-2026-9082
• https://cwe.mitre.org/data/definitions/89.html
• https://www.drupal.org/sa-core-2026-004
• https://slcyber.io/research-center/keys-to-the-kingdom-anonymous-sql-injection-in-drupal-core-cve-2026-9082/
• https://www.yeswehack.com/news/cve-2026-9082-postgresql-drupal

Repository: https://github.com/N45HT/drupal-cve-2026-9082-checker

Feel free to use, modify, or improve the tool. Contributions are welcome!

About The Author

Rizky Xavier

See author's posts