Drupal released security updates addressing CVE-2026-9082, a critical vulnerability in Drupal Core's database abstraction API that could allow attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability carries a CVSS score of 6.5.