CISA Urges Immediate Fix for Drupal Vulnerability Exploited by Hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address a critical vulnerability in the Drupal platform that is actively being exploited by malicious actors. The issue involves a severe SQL injection flaw that allows unauthorized access to website databases.

According to CISA’s directive, all government agencies must apply patches by the end of the workday on Wednesday. The vulnerability affects Drupal versions widely used for corporate and government websites. Security experts warn that successful exploitation could lead to data breaches or full server compromise.

Drupal is a popular CMS alongside WordPress and Joomla, frequently used by large organizations. Security specialists advise all platform users, regardless of location, to update their systems immediately to the latest secure version to prevent potential attacks.