May 23, 2026
A Drupal core SQL injection vulnerability is actively exploited and added to CISA's KEV catalog. Here's what developers need to patch right now.